Description

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.

INFO

Published Date :

2025-09-06T00:30:26.689Z

Last Modified :

2025-09-08T14:06:07.055Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58439 vulnerability.

Vendors Products
Frappe
  • Erpnext
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58439.

URL Resource
https://github.com/frappe/erpnext/pull/49219 cve-icon cve-icon
https://github.com/frappe/erpnext/pull/49220 cve-icon cve-icon
https://github.com/frappe/erpnext/security/advisories/GHSA-fvjw-5w9q-6v39 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact