Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

July 1, 2025

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to three security issues, potentially affecting thousands of self-hosted deployments. …

Published Date:
Jul 02, 2025 (3 hours, 31 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleGraylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse

Next Article Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Everwild’s cancellation has me worried for one of my favorite dev teams and Xbox itself — It needs creative new games to thrive and refresh its identity

Trust but Verify: The Curious Case of AI Hallucinations

Trust but Verify: The Curious Case of AI Hallucinations

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

Flutter Web Hot Reload Has Landed – No More Refreshes!

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Cisco scores a perfect 10 – sadly for a critical flaw in its comms platform

Linux Servers Hijacked: Attackers Install Legitimate Proxy Software for Covert Operations

CVE-2025-46204 – Apache Unifiedtransform Privilege Escalation Vulnerability

Generative AI Development: Powering the Next Wave of Smart, Creative Applications✨

Supercharge your development with Claude Code and Amazon Bedrock prompt caching

CVE-2025-5443 – “Linksys Wireless Router Os Command Injection Vulnerability”

4 ways your organization can adapt and thrive in the age of AI

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

CVE-2024-12378 – Arista EOS Unencrypted VxLAN Tunnel Exposure

CVE-2025-6710 – MongoDB Server JSON Parsing Stack Overflow Vulnerability

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Related Posts