CVE-2025-55006 — MEDIUM (4.3)

Q: How severe is CVE-2025-55006?

CVE-2025-55006 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-55006?

Check the references section above for vendor advisories and patch information. Affected products include: Frappe Learning.

Vulnerability Description

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Frappe	Learning	>= 2.0.0, < 2.34.0

Related Weaknesses (CWE)

CWE-20

References

https://github.com/frappe/lms/security/advisories/GHSA-mvxw-r9x4-3vrrVendor Advisory

FAQ

What is CVE-2025-55006?

CVE-2025-55006 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed...

How severe is CVE-2025-55006?

CVE-2025-55006 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-55006?

Check the references section above for vendor advisories and patch information. Affected products include: Frappe Learning.