CVE-2025-11281 | Frappe LMS 2.35.0 Unpublished Course /courses/ access control

A vulnerability, which was classified as critical, was found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls.

This vulnerability is traded as CVE-2025-11281. The attack may be launched remotely. Furthermore, there is an exploit available.

You should upgrade the affected component.

The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.VulDB Recent EntriesRead More