CVE-2025-52050 | Frappe ERPNext 15.57.5 loyalty_program.py get_loyalty_program_details_with_points expiry_date SQL injection

SecurityVulns

A vulnerability classified as critical has been found in Frappe ERPNext 15.57.5. The affected element is the function get_loyalty_program_details_with_points in the file erpnext/accounts/doctype/loyalty_program/loyalty_program.py. Manipulating the argument expiry_date leads to SQL injection.

This vulnerability is tracked as CVE-2025-52050. The attack can be initiated remotely. There is no exploit available.