→

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Impact

Making crafted requests could lead to information disclosure that could further lead to account takeover.

Workarounds

There's no workaround to fix this without upgrading.

Credits

Thanks to Thanh of Calif.io for reporting the issue

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-30214

CVE-2025-30214:

8

CVSS Score

4.0

-

CVSS Score

-

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
frappe	pip
frappe	pip

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability involves information disclosure leading to account takeover (CWE-200). This typically occurs in authentication/authorization flows. The 'forgot_password' function is a prime candidate because password reset token leakage would directly enable account takeover. The 'get_user_info' function is another likely target, as improper session/user data exposure could provide attackers with credentials or session tokens. Both align with the described attack vector (crafted network requests) and high confidentiality/integrity impacts in the CVSS metrics. While explicit patch details are unavailable, these functions are central to authentication flows and match the vulnerability's technical narrative.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Impact

Workarounds

Credits

CVE-2025-30214:

8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

8

8

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Impact

Workarounds

Credits

8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Impact

Workarounds

Credits

CVE-2025-30214:

8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

8

8

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Impact

Workarounds

Credits

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI