CVE-2025-52048

Summary

In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at frappe/desk/doctype/tag/tag.py is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the dt parameter.

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References