cbcvebase.
CVE-2025-58439
published 2025-09-06

Priority: P3, 54
CVSS 3.1: 9.1 (critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.29% (20.8th percentile)

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| frappe | erpnext | < 14.89.2 | 14.89.2 |
| frappe | erpnext | | |
| frappe | erpnext | >= 15.0.0 < 15.76.0 | 15.76.0 |