CVE-2025-52042 | Frappe ERPNext 15.57.5 request_for_quotation.py get_rfq_containing_supplier txt SQL injection

SecurityVulns

A vulnerability marked as critical has been reported in Frappe ERPNext 15.57.5. It affects the function get_rfq_containing_supplier in the file erpnext/buying/doctype/request_for_quotation/request_for_quotation.py. Manipulating the argument txt leads to SQL injection.

This vulnerability is tracked as CVE-2025-52042. The attack can be carried out remotely. No exploit is available.

Applying a patch is the recommended action to fix this issue.