A flaw has been discovered in the Assignment Picture Handler of Frappe LMS 2.35.0. The vulnerability allows direct requests and may be exploited remotely. The attack complexity is rated high and exploitation is considered difficult, but the method has been published. Users are advised to upgrade the affected component. The vendor was notified of multiple security issues and confirmed fixes, though the fixes are not detailed in the GitHub release notes.
CVE-2025-11280
Severity: Low
CVE-2025-11280: Flaw in Frappe LMS 2.35.0
A flaw in the Assignment Picture Handler of Frappe LMS 2.35.0 allows direct requests and can be exploited remotely, though the attack complexity is high. Users should upgrade.
Vulnerability Details
- CVE ID: CVE-2025-11280
- Severity: Low
- CVSS v3 Score: 3.7 / 10.0
- Affected Vendor: unknown
- Publication Date: October 05, 2025