CVE-2025-55006 · HIGH 8.8 · EPSS p15.4%


Description

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% probability of exploitation · percentile 15.4% · 2026-06-19T12:03:05Z
Published: 2025-08-09
Last modified: 2025-10-06

Underlying weaknesses · 1

CWE-20

References

  1. https://github.com/frappe/lms/security/advisories/GHSA-mvxw-r9x4-3vrr


Type: Weakness · Target: Improper Input Validation (cwe-20) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-46546
  2. CVE-2025-30213
  3. CVE-2025-67289
  4. CVE-2025-65267
  5. CVE-2025-68929
  6. CVE-2025-56515

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.