A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Jun 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Frappe
Frappe erpnext |
|
CPEs | cpe:2.3:a:frappe:erpnext:14.74.3:*:*:*:*:*:*:* cpe:2.3:a:frappe:erpnext:14.82.1:*:*:*:*:*:*:* |
|
Vendors & Products |
Frappe
Frappe erpnext |
Tue, 13 May 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-352 | |
Metrics |
cvssV3_1
|
Mon, 05 May 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-05T00:00:00.000Z
Updated: 2025-05-13T19:10:01.268Z
Reserved: 2025-03-11T00:00:00.000Z
Link: CVE-2025-28062

Updated: 2025-05-13T19:09:38.855Z

Status : Analyzed
Published: 2025-05-05T16:15:51.310
Modified: 2025-06-17T14:13:04.563
Link: CVE-2025-28062

No data.