Information disclosure in Frappe Lms

CVE-2025-64705

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41…

Vulnerability class: Information Disclosure

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

Affected products

Frappe Lms — versions >= 2.0.0, < 2.41.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/frappe/lms/security/advisories/GHSA-qrvv-6g7r-g3v8 (x_refsource_CONFIRM)