CVE-2025-30217: 
Python vulnerability analysis and mitigation

Frappe is a full-stack web application framework that was found to contain a SQL Injection vulnerability prior to versions 14.93.2 and 15.55.0. The vulnerability was discovered and disclosed on March 26, 2025, affecting all versions of the Frappe Framework before the patched versions. This security issue could potentially allow malicious actors to access sensitive information through specially crafted requests (NVD, GitHub Advisory).

The vulnerability has been assigned CVE-2025-30217 and received a CVSS v4.0 base score of 6.6 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U. The vulnerability is classified as CWE-89 (SQL Injection), indicating improper neutralization of special elements used in SQL commands (NVD).

The vulnerability could allow malicious actors to access sensitive information through SQL injection attacks. The high value for Vulnerability Confidentiality (VC:H) in the CVSS score indicates significant potential for unauthorized access to sensitive data (NVD).

The vulnerability has been patched in Frappe Framework versions 14.93.2 and 15.55.0. No alternative workarounds are available, making upgrading to a patched version the only solution (NVD).