Description

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in versions 14.99.6 and 15.88.1. To workaround, changing the setup to use a reverse proxy is recommended.

INFO

Published Date :

2026-01-05T21:53:39.251Z

Last Modified :

2026-01-06T19:04:38.829Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68953 vulnerability.

Vendors Products
Frappe
  • Frappe
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68953.

URL Resource
https://github.com/frappe/frappe/commit/3867fb112c3f7be1a863e40f19e9235719f784fb cve-icon cve-icon
https://github.com/frappe/frappe/commit/959efd6a498cfaeaf7d4e0ab6cca78c36192d34d cve-icon cve-icon
https://github.com/frappe/frappe/security/advisories/GHSA-xj39-3g4p-f46v cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact