CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

March 25, 2025 (updated October 31, 2025)

Making crafted requests could lead to information disclosure that could further lead to account takeover.

References

github.com/advisories/GHSA-qrv3-jc3h-f3m6
github.com/frappe/frappe
github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6
nvd.nist.gov/vuln/detail/CVE-2025-30214

Code Behaviors & Features

Detect and mitigate CVE-2025-30214 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →