CVE-2025-53545

Vulnerability Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit ddb439f8eb1816010f2ef653a908648b71f9bba8.

Related Weaknesses (CWE)

CWE-287

References

https://github.com/frappe/press/commit/ddb439f8eb1816010f2ef653a908648b71f9bba8
https://github.com/frappe/press/security/advisories/GHSA-fwfh-vhjg-45q4

FAQ

What is CVE-2025-53545?

CVE-2025-53545 is a documented vulnerability. Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server...

How severe is CVE-2025-53545?

CVSS scoring is not yet available for CVE-2025-53545. Check NVD for updates.

Is there a patch for CVE-2025-53545?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.