CVE-2025-67289
π¨ CRITICALAn arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
Description
Request Expert ReviewAn arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
CVSS Scores
References
Additional Information
- Source
- cve@mitre.org
- State
- Undergoing analysis
Related CVEs
CVE-2026-0837
HIGHA vulnerability was identified in UTT θΏε 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of...
CVE-2026-0836
HIGHA vulnerability was determined in UTT θΏε 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW...
CVE-2025-15505
LOWA vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The...
CVE-2026-0824
LOWA security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results...
CVE-2026-0822
MEDIUMA vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The mani...
CVE-2025-13393
MEDIUMThe Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This...
Share CVE-2025-67289
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-67289 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!