CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 15.5%

CVSS Severity

CVSS v3 Score 9.6

References

http://erpnext.com
http://frappe.com
https://github.com/vuquyen03/CVE/blob/main/CVE-2025-67289/README.md

Products affected by CVE-2025-67289

Frappe » Erpnext » Version: 15.89.0

cpe:2.3:a:frappe:erpnext:15.89.0
Frappe » Frappe » Version: 15.89.0

cpe:2.3:a:frappe:frappe:15.89.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67289

Products

Pricing

Contact Us