Vulnerability in Frappe Lms

CVE-2025-62778

Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.

EPSS: 0.000 (12.7th percentile) — read the EPSS interpretation.

Affected products

Frappe Lms — versions <= 2.39.1

Weakness classification (CWE)

CWE-425 — Direct Request (Forced Browsing)

References

https://github.com/frappe/lms/security/advisories/GHSA-8xvv-6v89-xxgx (x_refsource_CONFIRM)
https://github.com/frappe/lms/commit/8749e21744547ae32f729bde05c854113e126750 (x_refsource_MISC)