Description

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users.

INFO

Published Date :

2025-09-17T21:07:58.471Z

Last Modified :

2025-09-18T13:58:43.346Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59415 vulnerability.

Vendors Products
Frappe
  • Frappe
  • Frappe Lms
  • Learning
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59415.

URL Resource
https://github.com/frappe/lms/commit/ed162e254690772365d4d1365f176b59bc4db72d cve-icon cve-icon
https://github.com/frappe/lms/security/advisories/GHSA-h7gh-3vq5-96jx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact