CVE-2025-11280 | Frappe LMS 2.35.0 Assignment Picture /files/ direct request

A vulnerability, which was classified as problematic, has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request.

This vulnerability appears as CVE-2025-11280. The attack may be initiated remotely. In addition, an exploit is available.

It is advisable to upgrade the affected component.

The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.VulDB Recent EntriesRead More