← voltar
CVE-2025-53545

Press has a potential 2FA bypass

CVSS 6.9 MEDIUMEPSS 0.3%CWE-287
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit ddb439f8eb1816010f2ef653a908648b71f9bba8.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
frappe · press

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/frappe/press/commit/ddb439f8eb1816010f2ef653a908648b71f9bba8https://github.com/frappe/press/security/advisories/GHSA-fwfh-vhjg-45q4