What is CVE-2025-68953 — Path Traversal in Frappe Framework?

CVE-2025-68953 is a Path Traversal vulnerability affecting Frappe Framework versions ≤ 15.0.0 and < 15.88.1, allowing attackers to potentially retrieve arbitrary files from the server.

Am I affected by CVE-2025-68953 in Frappe Framework?

You are affected if you are using Frappe Framework versions 14.99.5 and below, or versions 15.0.0 through 15.80.1. Upgrade to 14.99.6 or 15.88.1 to mitigate the risk.

How do I fix CVE-2025-68953 in Frappe Framework?

Upgrade to Frappe Framework version 14.99.6 or 15.88.1. As a temporary workaround, configure a reverse proxy to sanitize incoming requests.

Is CVE-2025-68953 being actively exploited?

No active exploitation campaigns have been reported, but the vulnerability's ease of exploitation makes it a potential target.

Where can I find the official Frappe Framework advisory for CVE-2025-68953?

Refer to the official Frappe Framework security advisories on their website for detailed information and updates.

CVE-2025-68953 — Vulnerability Details

Q: Am I affected by CVE-2025-68953 in Frappe Framework?

You are affected if you are using Frappe Framework versions 14.99.5 and below, or versions 15.0.0 through 15.80.1. Upgrade to 14.99.6 or 15.88.1 to mitigate the risk.

Q: How do I fix CVE-2025-68953 in Frappe Framework?

Upgrade to Frappe Framework version 14.99.6 or 15.88.1. As a temporary workaround, configure a reverse proxy to sanitize incoming requests.

Q: Is CVE-2025-68953 being actively exploited?

No active exploitation campaigns have been reported, but the vulnerability's ease of exploitation makes it a potential target.

Q: Where can I find the official Frappe Framework advisory for CVE-2025-68953?

Refer to the official Frappe Framework security advisories on their website for detailed information and updates.

NEXTGUARD

Gratis scannen

CVE-2025-68953 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• linux / server: Monitor web server access logs for unusual file requests containing directory traversal sequences (e.g., ../).

grep -i '../' /var/log/apache2/access.log

• generic web: Use curl to test for path traversal vulnerabilities by appending directory traversal sequences to URLs.

curl 'http://your-frappe-instance/../../../../etc/passwd'

• python: Review Frappe Framework code for instances where user-supplied input is used to construct file paths without proper sanitization.

Bepaalde Frappe verzoeken zijn kwetsbaar voor Path Traversal

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-68953 — Path Traversal in Frappe Framework?

Am I affected by CVE-2025-68953 in Frappe Framework?

How do I fix CVE-2025-68953 in Frappe Framework?

Is CVE-2025-68953 being actively exploited?

Where can I find the official Frappe Framework advisory for CVE-2025-68953?

Is jouw project getroffen?