1. Home
  2. CVE Database
  3. CVE-2025-65924
MEDIUM · 4.1

CVE-2025-65924

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML i...

Vulnerability Description

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable links into an ERP-generated PDF. Since PDF files generated by the ERP system are generally considered trustworthy, users are highly likely to click these links, potentially enabling phishing attacks or malware delivery. This issue occurs in the Add Quality Goal' function.

CVSS Score

4.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
FrappeErpnext<= 15.88.1

Related Weaknesses (CWE)

CWE-80

References

FAQ

What is CVE-2025-65924?

CVE-2025-65924 is a vulnerability with a CVSS score of 4.1 (MEDIUM). ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML i...

How severe is CVE-2025-65924?

CVE-2025-65924 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65924?

Check the references section above for vendor advisories and patch information. Affected products include: Frappe Erpnext.