CVE-2025-59421

Press vulnerable to email flooding to users due to lack of validation and rate limits

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending invites (duplicate). The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615.

INFO

Published Date :

2025-09-18T14:42:40.662Z

Last Modified :

2025-09-19T17:09:44.449Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59421 vulnerability.

Vendors	Products
Frappe	Frappe Press

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59421.

URL	Resource
https://github.com/frappe/press/commit/83c3fc7676c5dbbe1fd5092d21d95a10c7b48615
https://github.com/frappe/press/security/advisories/GHSA-68qm-vp8f-rpr3

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability