CVE-2025-59421 – Press vulnerable to email flooding to users due to lack of validation and rate limits

CVE ID : CVE-2025-59421

Published : Sept. 18, 2025, 2:42 p.m. | 18 minutes ago

Description : Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending invites (duplicate). The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…