CVE-2025-64707
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-17

Assigner: GitHub, Inc.

Description
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is cleared after roles are updated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-17
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64707
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
frappe learning From 2.0.0 (inc) to 2.41.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Frappe Learning versions from 2.0.0 up to but not including 2.41.0 occurs because when an admin revokes a role from a user, the change does not take effect immediately due to caching. The cache was not cleared after role updates, causing a delay in the revocation's effect. This issue was fixed in version 2.41.0 by ensuring the cache is cleared after roles are updated.

Impact Analysis

The vulnerability can impact you by allowing users to retain permissions or roles temporarily even after an admin has revoked them, due to caching delays. This means that access control changes are not enforced immediately, potentially allowing unauthorized access or actions during the caching period.

Mitigation Strategies

Upgrade Frappe Learning to version 2.41.0 or later, as this version includes a fix that ensures the cache is cleared immediately after roles are updated, preventing the delay in role revocation effects.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64707. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart