Home > Vulnerability Database > CVE-2025-64705

Mend.io Vulnerability Database

CVE-2025-64705

Good to know:

Date: November 12, 2025

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed via direct URL.

Severity Score

4.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64705

Url: https://github.com/frappe/lms/security/advisories/GHSA-qrvv-6g7r-g3v8

Url: https://www.mend.io/vulnerability-database/CVE-2025-64705

Severity Score

4.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64705

Good to know:

Date: November 12, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?