CVE-2025-62407
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frappe | frappe | to 14.98.0 (exc) |
| frappe | frappe | From 15.0.0 (inc) to 15.83.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in the Frappe web application framework. Before versions 14.98.0 and 15.83.0, an attacker could exploit the redirect argument on the login page by passing a specific type of URL, causing the application to redirect users to potentially malicious sites. This could be used to trick users into visiting harmful websites.
How can this vulnerability impact me? :
The open redirect vulnerability can lead to users being redirected to malicious websites, which may result in phishing attacks, credential theft, or other social engineering exploits. It can undermine user trust and potentially expose users to further security risks.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Frappe to version 14.98.0 or later, or 15.83.0 or later, where the open redirect vulnerability has been fixed.