CVE-2025-64705

EUVD-2025-150361
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed via direct URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
frappelearning
2.0.0 ≤
𝑥
< 2.41.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/frappe/lms/security/advisories/GHSA-qrvv-6g7r-g3v8