A vulnerability has been found in Frappe LMS 2.35.0 affecting the unpublished course handler. This leads to improper access controls, with high complexity and difficult exploitability. The vendor has fixed multiple security issues; however, release notes do not mention them.
CVE-2025-11281
🟡 Medium
CVE-2025-11281: Vulnerability in Frappe LMS 2.35.0
A vulnerability in Frappe LMS 2.35.0 allows for improper access controls through an unpublished course handler. Remote exploitation is possible.
CVE ID
CVE-2025-11281
CVSS Score
5.0
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11281
- Severity
- Medium
- CVSS v3 Score
- 5.0 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners