CVE-2025-30213
Published: 25 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-30213 is a remote code execution vulnerability in Frappe, a full-stack web application framework. In versions prior to 14.9.1 and 15.52.0, a system user could create certain documents in a specific way that leads to arbitrary code execution on the server. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-20 (Improper Input Validation), though additional CWE details are unavailable from NVD. It was published on 2025-03-25.
An authenticated system user with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation yields remote code execution with high impact on the confidentiality, integrity, and availability of the affected system.
The GitHub security advisory (GHSA-v342-4xr9-x3q3) confirms that versions 14.9.1 and 15.52.0 contain patches for the vulnerability. There is no workaround available, and upgrading to a patched version is required for mitigation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote code execution vulnerability in a web application framework exploitable by an authenticated low-privilege user over the network, directly enabling exploitation of public-facing applications (T1190) and exploitation for privilege escalation (T1068) to achieve full system control.