CVE-2025-30217
Published: 26 March 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-30217 is a SQL injection vulnerability (CWE-89) in the Frappe Framework, a full-stack web application framework. It affects versions prior to 14.93.2 and 15.55.0, where improper input handling allows malicious SQL queries to be executed. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high-impact confidentiality violations without affecting integrity or availability.
An unauthenticated attacker with network access can exploit this vulnerability remotely with low attack complexity and no user interaction required. Exploitation enables the attacker to extract sensitive information from the underlying database, potentially exposing user data, credentials, or other confidential records hosted by Frappe-based applications.
The Frappe security advisory (GHSA-6phg-4wmq-h5h3) confirms that versions 14.93.2 and 15.55.0 include patches addressing the issue. No known workarounds are available, so administrators should upgrade affected instances promptly.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in public-facing Frappe web framework directly enables T1190 for remote unauthenticated exploitation; facilitates T1213.006 by allowing arbitrary queries to extract data from the application's database.