CVE-2025-52048
- Source
- https://cve.org/CVERecord?id=CVE-2025-52048
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52048.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-52048
- Aliases
-
- GHSA-mggw-6xqj-rphj
- Published
- 2025-09-15T16:15:39.060Z
- Modified
- 2026-04-10T05:30:31.128469Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at
frappe/desk/doctype/tag/tag.pyis vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into thedtparameter. - References
Affected packages
Git / github.com/frappe/frappe
Affected versions
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.10.0
v14.11.0
v14.11.1
v14.12.0
v14.13.0
v14.14.0
v14.14.1
v14.14.2
v14.14.3
v14.15.0
v14.16.0
v14.17.0
v14.17.1
v14.18.0
v14.18.1
v14.19.0
v14.19.1
v14.2.0
v14.20.0
v14.21.0
v14.21.1
v14.22.0
v14.22.1
v14.23.0
v14.24.0
v14.25.0
v14.25.1
v14.25.2
v14.25.3
v14.25.4
v14.26.0
v14.26.1
v14.26.2
v14.26.3
v14.26.4
v14.27.0
v14.28.0
v14.28.1
v14.28.2
v14.29.0
v14.29.1
v14.29.2
v14.3.0
v14.30.0
v14.31.0
v14.32.0
v14.32.1
v14.33.0
v14.33.1
v14.34.0
v14.35.0
v14.36.0
v14.36.1
v14.36.2
v14.36.3
v14.37.0
v14.37.1
v14.38.0
v14.38.1
v14.38.2
v14.38.3
v14.39.0
v14.4.0
v14.4.1
v14.4.2
v14.4.3
v14.40.0
v14.40.1
v14.40.2
v14.40.3
v14.41.0
v14.42.0
v14.43.0
v14.43.1
v14.44.0
v14.45.0
v14.46.0
v14.47.0
v14.47.1
v14.47.2
v14.48.0
v14.48.1
v14.49.0
v14.5.0
v14.50.0
v14.51.0
v14.52.0
v14.52.1
v14.52.2
v14.53.0
v14.53.1
v14.53.2
v14.54.0
v14.54.1
v14.55.0
v14.55.1
v14.56.0
v14.56.1
v14.57.0
v14.58.0
v14.59.0
v14.6.0
v14.60.0
v14.61.0
v14.62.0
v14.62.1
v14.62.2
v14.62.3
v14.62.4
v14.63.0
v14.64.0
v14.65.0
v14.66.0
v14.66.1
v14.66.2
v14.66.3
v14.67.0
v14.67.1
v14.68.0
v14.68.1
v14.68.2
v14.69.0
v14.7.0
v14.70.0
v14.71.0
v14.72.0
v14.73.0
v14.74.0
v14.74.1
v14.75.0
v14.76.0
v14.76.1
v14.76.2
v14.77.0
v14.77.1
v14.77.2
v14.77.3
v14.77.4
v14.77.5
v14.77.6
v14.77.7
v14.78.0
v14.78.1
v14.78.2
v14.79.0
v14.79.1
v14.8.0
v14.80.0
v14.80.1
v14.81.0
v14.81.1
v14.81.2
v14.81.3
v14.81.4
v14.81.5
v14.81.6
v14.82.0
v14.82.1
v14.82.2
v14.83.0
v14.84.0
v14.85.0
v14.85.1
v14.85.2
v14.86.0
v14.87.0
v14.88.0
v14.88.1
v14.89.0
v14.89.1
v14.9.0
v14.90.0
v14.91.0
v14.92.0
v14.93.0
v14.93.1
v14.93.2
v14.93.3
v14.94.0
v14.94.1
v14.94.2
v14.94.3
v14.95.0
v14.95.1
v14.95.2
v14.95.3
v14.96.0
v14.96.1
v14.96.2
v14.96.3
v14.96.4
v14.96.5
v14.96.6
v14.96.7
v14.96.8
v14.96.9
v15.*
v15.0.0
v15.0.1
v15.0.2
v15.1.0
v15.10.0
v15.11.0
v15.12.0
v15.13.0
v15.14.0
v15.14.1
v15.15.0
v15.16.0
v15.16.1
v15.17.0
v15.17.1
v15.17.2
v15.17.3
v15.18.0
v15.18.1
v15.18.2
v15.19.0
v15.19.1
v15.2.0
v15.2.1
v15.20.0
v15.21.0
v15.22.0
v15.23.0
v15.24.0
v15.24.1
v15.25.0
v15.26.0
v15.27.0
v15.28.0
v15.29.0
v15.29.1
v15.29.2
v15.3.0
v15.30.0
v15.31.0
v15.32.0
v15.33.0
v15.33.1
v15.33.2
v15.33.3
v15.34.0
v15.34.1
v15.35.0
v15.36.0
v15.36.1
v15.37.0
v15.38.0
v15.39.0
v15.39.1
v15.39.2
v15.4.0
v15.4.1
v15.40.0
v15.40.1
v15.40.2
v15.40.3
v15.40.4
v15.40.5
v15.40.6
v15.41.0
v15.42.0
v15.43.0
v15.44.0
v15.44.1
v15.44.2
v15.45.0
v15.45.1
v15.46.0
v15.47.0
v15.47.1
v15.47.2
v15.48.0
v15.48.1
v15.49.0
v15.49.1
v15.5.0
v15.50.0
v15.50.1
v15.51.0
v15.51.1
v15.51.2
v15.52.0
v15.53.0
v15.54.0
v15.54.1
v15.55.0
v15.55.1
v15.55.2
v15.56.0
v15.56.1
v15.57.0
v15.57.1
v15.57.2
v15.58.0
v15.58.1
v15.59.0
v15.6.0
v15.6.1
v15.60.0
v15.61.0
v15.62.0
v15.63.0
v15.63.1
v15.64.0
v15.65.0
v15.65.1
v15.65.2
v15.66.0
v15.66.1
v15.67.0
v15.68.0
v15.68.1
v15.69.0
v15.69.1
v15.69.2
v15.69.3
v15.7.0
v15.70.0
v15.71.0
v15.8.0
v15.8.1
v15.9.0