Platform
erpnext
Component
frappe/frappe
Fixed in
14.99.7
15.0.1
CVE-2025-68953 describes a Path Traversal vulnerability discovered in the Frappe Framework. This flaw allows attackers to potentially retrieve arbitrary files from the server, compromising data confidentiality. The vulnerability affects versions 14.99.5 and below, as well as versions 15.0.0 through 15.80.1. A fix is available in versions 14.99.6 and 15.88.1.
Successful exploitation of CVE-2025-68953 allows an attacker to read arbitrary files from the Frappe Framework server. This includes configuration files, source code, and potentially database backups, depending on the server's file system structure and permissions. The attacker could gain access to sensitive information such as API keys, database credentials, and user data. While direct code execution is not possible, the information obtained could be used to further compromise the system or launch other attacks. The blast radius extends to any application or service relying on the vulnerable Frappe Framework instance.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a lower probability of immediate widespread exploitation. However, the ease of exploitation and potential impact warrant careful attention. The vulnerability was publicly disclosed on 2026-01-05.
Organizations deploying Frappe Framework applications, particularly those using older versions (≤ 15.0.0, < 15.88.1), are at risk. Shared hosting environments where multiple applications share the same server infrastructure are also particularly vulnerable, as a successful attack on one application could potentially compromise others.
• linux / server: Monitor web server access logs for unusual file requests containing directory traversal sequences (e.g., ../). Use -F so the dots are matched literally; as a regular expression, '../' would also match any two characters followed by a slash:
grep -F '../' /var/log/apache2/access.log
• generic web: Use curl to test for path traversal vulnerabilities by appending directory traversal sequences to URLs:
curl 'http://your-frappe-instance/../../../../etc/passwd'
• python: Review Frappe Framework code for instances where user-supplied input is used to construct file paths without proper sanitization.
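The access-log check above as a small Python script. This is an added example, not part of the advisory, and the log lines are constructed for illustration. Unlike a literal grep for ../, it percent-decodes each request path (repeatedly, to unmask double encoding such as %252f) before looking for a traversal segment, and it reports the line number and client address of each hit.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jan/2026:10:00:01 +0000] "GET /api/method/frappe.ping HTTP/1.1" 200 17 "-" "curl/8.0"
203.0.113.7 - - [05/Jan/2026:10:00:02 +0000] "GET /files/../../../../etc/passwd HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.9 - - [05/Jan/2026:10:00:03 +0000] "GET /files/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.9 - - [05/Jan/2026:10:00:04 +0000] "GET /files/..%252f..%252fetc/passwd HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.5 - - [05/Jan/2026:10:00:05 +0000] "GET /assets/frappe/js/desk.min.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Pulls method and path out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# A ".." that forms a whole path segment (so "frappe.ping" or "file..txt" do not match).
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(path, rounds=3):
    """Percent-decode until stable (bounded), then unify backslashes to slashes."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace('\\', '/')


def has_traversal(path):
    """True when the decoded request path contains a '..' segment."""
    return bool(TRAVERSAL_RE.search(normalize_path(path)))


def find_traversal_requests(log_text):
    """Return (line_number, client_ip, raw_path) for every suspicious request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        if has_traversal(match.group('path')):
            client = line.split(' ', 1)[0]
            hits.append((lineno, client, match.group('path')))
    return hits


if __name__ == '__main__':
    for lineno, client, path in find_traversal_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} requested {path}")
```

Point the script at a real log with `find_traversal_requests(open(path).read())`; hits on lines 2, 3 and 4 of the sample show that plain, single-encoded and double-encoded sequences are all caught, while the legitimate `frappe.ping` and asset requests are not.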
EPSS: 0.07% (21st percentile)
The primary mitigation for CVE-2025-68953 is to upgrade to Frappe Framework version 14.99.6 or 15.88.1. If immediate upgrading is not feasible, implementing a reverse proxy is a recommended workaround. A reverse proxy can be configured to sanitize incoming requests and prevent path traversal attempts. Additionally, review file system permissions to ensure that sensitive files are not accessible to unauthorized users. After upgrading, verify the fix by attempting to access files outside of the intended application directory via a web request; access should be denied.
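The code-review item and the file-system hardening above come down to one check: a path built from user input must still be inside the directory the application intends to serve. The following Python is an added example, not Frappe's own code; `unsafe_resolve` is a hypothetical instance of the pattern a reviewer should flag, and `safe_resolve` is the hardened replacement, which resolves symlinks before comparing against the base directory. The file names and the temporary directory in `demo()` are constructed.

```python
import os
import shutil
import tempfile


class PathTraversalError(Exception):
    """Raised when a requested path would leave the served directory."""


def unsafe_resolve(base_dir, user_path):
    """Hypothetical vulnerable pattern: untrusted input joined straight onto a base directory.

    '../' segments walk out of base_dir, and an absolute user_path makes
    os.path.join discard base_dir entirely.
    """
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir, user_path):
    """Resolve user_path inside base_dir; reject anything that escapes it."""
    base = os.path.realpath(base_dir)
    # Strip leading separators so os.path.join cannot be told to drop base_dir.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip('/\\')))
    # realpath has already collapsed '..' and followed symlinks, so a prefix
    # check on the canonical paths is sufficient.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def escapes_base(base_dir, user_path):
    """Convenience predicate: True when safe_resolve would reject user_path."""
    try:
        safe_resolve(base_dir, user_path)
    except PathTraversalError:
        return True
    return False


def demo():
    """Build a throwaway tree and compare both resolvers on the same requests."""
    root = tempfile.mkdtemp()
    try:
        public = os.path.join(root, 'public')          # the directory meant to be served
        os.makedirs(public)
        with open(os.path.join(public, 'report.pdf'), 'w') as fh:
            fh.write('constructed pdf bytes')
        with open(os.path.join(root, 'site_config.json'), 'w') as fh:
            fh.write('{"db_password": "constructed-example"}')   # lives outside public
        # A symlink inside the served directory that points outside it.
        os.symlink(os.path.join(root, 'site_config.json'), os.path.join(public, 'link.json'))

        results = {}
        for req in ('report.pdf', '../site_config.json', 'link.json'):
            results[req] = {
                'unsafe_exists': os.path.exists(unsafe_resolve(public, req)),
                'safe_rejects': escapes_base(public, req),
            }
        return results
    finally:
        shutil.rmtree(root)


if __name__ == '__main__':
    for req, outcome in demo().items():
        print(f"{req:22} unsafe reaches file: {outcome['unsafe_exists']}  "
              f"hardened rejects: {outcome['safe_rejects']}")
```

In `demo()` the unsafe join happily reaches `site_config.json` both through `../` and through the symlink, while the hardened resolver rejects both and still serves `report.pdf`. Note that `lstrip` alone is not the protection; the `commonpath` comparison on canonical paths is, which is why it is applied after `realpath`.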
Update Frappe to version 14.99.6 or later, or to version 15.88.1 or later. Alternatively, configure a reverse proxy to mitigate the path traversal vulnerability. This will help sanitize requests and prevent access to arbitrary files.
CVE-2025-68953 is a Path Traversal vulnerability affecting Frappe Framework versions ≤ 15.0.0 and < 15.88.1, allowing attackers to potentially retrieve arbitrary files from the server.
You are affected if you are using Frappe Framework versions 14.99.5 and below, or versions 15.0.0 through 15.80.1. Upgrade to 14.99.6 or 15.88.1 to mitigate the risk.
Upgrade to Frappe Framework version 14.99.6 or 15.88.1. As a temporary workaround, configure a reverse proxy to sanitize incoming requests.
No active exploitation campaigns have been reported, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the official Frappe Framework security advisories on their website for detailed information and updates.