CVE 9.8 CRITICAL

CVE-2025-66440_CVE-2025-66440

December 16, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the to_posting_date parameter, which is directly interpolated into the query without proper sanitization or parameter binding.

AI Analysis

SQL Injection vulnerability in ERPNext through 15.89.0, allowing attackers to extract arbitrary data from the database.

Basic Information

ID CVE-2025-66440

Source mitre

Published Dec 15, 2025 at 00:00

Modified Dec 16, 2025 at 15:25

Affected Product

Vendor Frappe

Product ERPNext

Version 15.89.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Frappe

Product ERPNext

Version 15.89.0

References

{
    "lastseen": "",
    "description": "An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the to_posting_date parameter, which is directly interpolated into the query without proper sanitization or parameter binding.",
    "published": "2025-12-15T00:00:00.000Z",
    "modified": "2025-12-16T15:25:19.698Z",
    "type": "cve",
    "title": "CVE-2025-66440",
    "source": "mitre",
    "references": "https://github.com/frappe/frappe/security\nhttps://iamanc.github.io/post/erpnext-sqli",
    "id": "CVE-2025-66440",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ERPNext",
    "version": "15.89.0",
    "vendor": "Frappe",
    "ai_description": "SQL Injection vulnerability in ERPNext through 15.89.0, allowing attackers to extract arbitrary data from the database.",
    "ai_severity": "Critical",
    "ai_vendor": "Frappe",
    "ai_product": "ERPNext",
    "ai_version": "15.89.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply