CVE-2025-30212: Frappe has possibility of SQL injection due to improper validations
An SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information.
References
- github.com/advisories/GHSA-3hj6-r5c9-q8f3
- github.com/frappe/frappe
- github.com/frappe/frappe/commit/27f13437db161a173137d91cd07d0f9287d7c556
- github.com/frappe/frappe/commit/2ebd88520ecfa9bb7d3392b7de8c8f94a86ec05c
- github.com/frappe/frappe/security/advisories/GHSA-3hj6-r5c9-q8f3
- nvd.nist.gov/vuln/detail/CVE-2025-30212