CVE-2025-52048 | Frappe up to 14.96.9/15.71.x tag.py add_tag dt sql injection (GHSA-mggw-6xqj-rphj)

A vulnerability was found in Frappe up to 14.96.9/15.71.x. It has been classified as critical. This issue affects the function add_tag of the file frappe/desk/doctype/tag/tag.py. The manipulation of the argument dt leads to sql injection.

This vulnerability is traded as CVE-2025-52048. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More