Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r58s-tawh-ayc1
Summary Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self-hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self-hosted users.
Aliases
0
alias CVE-2025-52898
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52898
reference_id
reference_type
scores
0
value 0.00379
scoring_system epss
scoring_elements 0.59837
published_at 2026-06-11T12:55:00Z
1
value 0.00379
scoring_system epss
scoring_elements 0.59947
published_at 2026-06-14T12:55:00Z
2
value 0.00379
scoring_system epss
scoring_elements 0.59956
published_at 2026-06-13T12:55:00Z
3
value 0.00379
scoring_system epss
scoring_elements 0.59945
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52898
1
reference_url https://github.com/frappe/frappe/pull/31522
reference_id 31522
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-30T18:01:08Z/
url https://github.com/frappe/frappe/pull/31522
2
reference_url https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2
reference_id 52e31337a6c964189c8b883a2f7bc3a28ab374f2
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-30T18:01:08Z/
url https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2
3
reference_url https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66
reference_id 5b4849b1ab5fd796b306312745b4e202b0e90d66
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-30T18:01:08Z/
url https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66
4
reference_url https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j
reference_id GHSA-p284-r7rh-wq7j
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-30T18:01:08Z/
url https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
Severity_range_score 8.7 - 8.7
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r58s-tawh-ayc1