CVE-2025-11280
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. It is advisable to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
Vendor
Product
CWE
Yayın Tarihi
2025-10-05 04:15:35
Güncelleme
2025-10-07 20:35:01
Source Identifier
cna@vuldb.com
KEV Date Added
-
Kategoriler
Referanslar
https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1
https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1#steps-to-reproduce
https://vuldb.com/?ctiid.327014
https://vuldb.com/?id.327014
https://vuldb.com/?submit.659694
https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1
https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1#steps-to-reproduce
https://vuldb.com/?submit.659694