CVE-2025-65267
published 2025-12-03

Priority: P3 (43)
CVSS 3.1: 9 (critical), vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.29% (20.7th percentile)
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting (XSS). Successful exploitation may lead to account takeover, privilege escalation, or full compromise of the affected ERPNext instance.

Affected (2 ranges)

Vendor   Product   Version range   Fixed in
frappe   erpnext
frappe   frappe