CVE

CVE-2025-68953

Certain Frappe requests are vulnerable to Path Traversal

CVE

CVE-2025-68953

Certain Frappe requests are vulnerable to Path Traversal

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in versions 14.99.6 and 15.88.1. To workaround, changing the setup to use a reverse proxy is recommended.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68953.json, https://github.com/frappe/frappe/commit/3867fb112c3f7be1a863e40f19e9235719f784fb, https://github.com/frappe/frappe/commit/959efd6a498cfaeaf7d4e0ab6cca78c36192d34d, https://github.com/frappe/frappe/security/advisories/GHSA-xj39-3g4p-f46v, https://nvd.nist.gov/vuln/detail/CVE-2025-68953

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.0006%

EPSS Percentile

0.19203%

Introduced Version

0,b8c1f492c492f7cbbfd3cc768234fbb244fd3737

Fix Available

38801bcff4d9aa9f1447aefa75b4a67fa860a60e,01c8b04e5c5a975a86bbb5a4c3d3b8d67c189e11

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-68953

CVE-2025-68953

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly