CVE-2025-11461 – Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller

CVE ID : CVE-2025-11461

Published : Nov. 26, 2025, 5:45 p.m. | 37 minutes ago

Description : Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.
This issue affects Frappe CRM: 1.53.1.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…