CVE-2025-11461

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-11461

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11461.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-11461

Published

2025-11-26T18:15:46.847Z

Modified

2026-03-14T12:41:18.692878Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

References

Affected packages

Git / github.com/frappe/crm

Affected ranges

Type

GIT

Repo

https://github.com/frappe/crm

Events

Introduced

Last affected

cf849f7dffa707cc41bc5dd1a3b78812a6d06190

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.53.1"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.10.0

v1.10.1

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.15.1

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.17.1

v1.17.2

v1.18.0

v1.19.0

v1.2.0

v1.2.1

v1.2.2

v1.20.0

v1.20.1

v1.21.0

v1.22.0

v1.23.0

v1.23.1

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.6

v1.24.0

v1.24.1

v1.24.2

v1.24.3

v1.24.4

v1.24.5

v1.24.6

v1.24.7

v1.25.0

v1.25.1

v1.26.0

v1.27.0

v1.27.1

v1.27.2

v1.28.0

v1.29.0

v1.29.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.30.0

v1.30.1

v1.31.0

v1.31.1

v1.31.2

v1.31.3

v1.32.0

v1.32.1

v1.32.10

v1.32.11

v1.32.12

v1.32.2

v1.32.3

v1.32.4

v1.32.5

v1.32.6

v1.32.7

v1.32.8

v1.32.9

v1.33.0

v1.33.1

v1.34.0

v1.34.1

v1.34.10

v1.34.11

v1.34.12

v1.34.13

v1.34.14

v1.34.15

v1.34.16

v1.34.17

v1.34.2

v1.34.3

v1.34.4

v1.34.5

v1.34.6

v1.34.7

v1.34.8

v1.34.9

v1.35.0

v1.36.0

v1.36.1

v1.36.2

v1.37.0

v1.37.1

v1.38.0

v1.38.1

v1.38.2

v1.38.3

v1.38.4

v1.38.5

v1.38.6

v1.38.7

v1.38.8

v1.39.0

v1.39.1

v1.39.2

v1.39.3

v1.39.4

v1.4.0

v1.4.1

v1.40.0

v1.40.1

v1.40.2

v1.41.0

v1.41.1

v1.42.0

v1.42.1

v1.42.2

v1.43.0

v1.44.0

v1.45.0

v1.46.0

v1.46.1

v1.46.2

v1.46.3

v1.46.4

v1.47.0

v1.47.1

v1.47.2

v1.47.3

v1.47.4

v1.47.5

v1.47.6

v1.48.0

v1.48.1

v1.48.2

v1.49.0

v1.49.1

v1.5.0

v1.50.0

v1.50.1

v1.50.2

v1.51.0

v1.51.1

v1.52.0

v1.52.1

v1.52.10

v1.52.11

v1.52.2

v1.52.3

v1.52.4

v1.52.5

v1.52.6

v1.52.7

v1.52.8

v1.52.9

v1.53.0

v1.53.1

v1.6.0

v1.7.0

v1.8.0

v1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11461.json"