Vulnerability Details CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.
This issue affects Frappe CRM: 1.53.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-11461
-
cpe:2.3:a:frappe:frappe_crm:1.53.1