CVE-2025-62407 – Frappe has an Open Redirect on Login Page

CVE ID : CVE-2025-62407

Published : Oct. 16, 2025, 6:15 p.m. | 25 minutes ago

Description : Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…