CVE-2025-52048: n/a
In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, the function add_tag() in `frappe/desk/doctype/tag/tag.py` is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the `dt` parameter.
AI Analysis
Technical Summary
CVE-2025-52048 is a SQL Injection vulnerability identified in the Frappe framework versions 15.x.x prior to 15.72.0 and 14.x.x prior to 14.96.10. The vulnerability exists in the add_tag() function located in the file frappe/desk/doctype/tag/tag.py. Specifically, the issue arises from improper sanitization or validation of the 'dt' parameter, which is used in SQL queries. An attacker can exploit this flaw by injecting malicious SQL code into the 'dt' parameter, enabling unauthorized extraction of sensitive information from the underlying database. This type of vulnerability can lead to data leakage, unauthorized data access, and potentially further compromise of the affected system depending on the database privileges and the environment configuration. Although no known exploits are reported in the wild as of the publication date, the vulnerability is publicly disclosed and patched in versions 15.72.0 and 14.96.10, indicating that attackers could develop exploits if systems remain unpatched. The lack of a CVSS score means severity must be assessed based on the nature of the vulnerability, its impact on confidentiality, integrity, and availability, and the ease of exploitation. Since this is a classic SQL Injection vulnerability affecting a widely used open-source web application framework, it poses a significant risk if exploited.
Potential Impact
For European organizations using the Frappe framework, especially those running versions prior to the patched releases, this vulnerability could lead to unauthorized disclosure of sensitive business data, customer information, or intellectual property stored in the database. The impact is particularly critical for organizations in sectors such as finance, healthcare, government, and e-commerce, where data confidentiality and integrity are paramount. Exploitation could result in data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial losses. Additionally, attackers might leverage the SQL Injection to escalate privileges or pivot to other parts of the network, increasing the scope of compromise. Given the widespread adoption of Frappe in enterprise resource planning (ERP) and business process management applications, the threat is material for European companies relying on these systems for daily operations.
Mitigation Recommendations
European organizations should immediately verify their Frappe framework versions and upgrade to at least 15.72.0 or 14.96.10 where the vulnerability is patched. If immediate upgrading is not feasible, organizations should implement strict input validation and sanitization on the 'dt' parameter at the application level to prevent injection of malicious SQL code. Employing Web Application Firewalls (WAFs) with rules targeting SQL Injection patterns can provide temporary protection. Additionally, database access privileges should be minimized following the principle of least privilege to limit the potential damage from exploitation. Regular security audits and code reviews focusing on input handling in customizations or extensions of Frappe are recommended. Monitoring logs for unusual database queries or errors related to the 'dt' parameter can help detect attempted exploitation. Finally, organizations should ensure that backups are current and tested to enable recovery in case of data compromise.
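As an added example (not Frappe's own code and not part of the original advisory), the version check and the `dt` validation and monitoring steps above can be scripted as follows. The allow-list pattern for DocType names, the assumption that add_tag() is reached through a URL containing its dotted module path, and the `tag` and `dn` parameters in the constructed sample requests are assumptions made for illustration; versions are assumed to be plain `x.y.z` strings.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Fixed releases stated in the advisory, keyed by major version.
FIXED = {15: (15, 72, 0), 14: (14, 96, 10)}

# Assumption: a conservative allow-list pattern for DocType names
# (letter first, then letters, digits, space, underscore, hyphen).
SAFE_DT = re.compile(r"[A-Za-z][A-Za-z0-9 _-]{0,60}")

# Assumption: add_tag() is reached through a URL containing its dotted path.
ADD_TAG = "frappe.desk.doctype.tag.tag.add_tag"


def is_affected(version: str) -> bool:
    """True if a 14.x.x / 15.x.x version is older than its fixed release."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED.get(parts[0])
    return fixed is not None and parts < fixed


def dt_is_safe(dt: str) -> bool:
    """True only if the whole value matches the allow-list pattern."""
    return SAFE_DT.fullmatch(dt) is not None


def flag_requests(urls):
    """Return (url, dt) pairs for add_tag requests whose dt fails the allow-list."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        if ADD_TAG not in parts.path:
            continue
        for dt in parse_qs(parts.query, keep_blank_values=True).get("dt", []):
            if not dt_is_safe(dt):
                hits.append((url, dt))
    return hits


# Constructed sample request lines (not taken from real traffic).
SAMPLE = [
    "/api/method/frappe.desk.doctype.tag.tag.add_tag?tag=urgent&dt=ToDo&dn=1",
    "/api/method/frappe.desk.doctype.tag.tag.add_tag?tag=x&dt=ToDo%60%3B--&dn=1",
    "/api/method/frappe.client.get_list?doctype=ToDo",
]

if __name__ == "__main__":
    for v in ("15.71.9", "15.72.0", "14.96.9", "14.96.10"):
        print(v, "affected" if is_affected(v) else "fixed")
    for url, dt in flag_requests(SAMPLE):
        print("suspicious dt:", repr(dt), "in", url)
```

The scan only sees `dt` values carried in the query string; requests that send `dt` in a form or JSON body need the same `dt_is_safe()` check applied where the body is parsed, such as a reverse proxy or WAF rule.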
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68c837c2b49def593d9ba140
Added to database: 9/15/2025, 3:58:58 PM
Last enriched: 9/15/2025, 4:00:03 PM
Last updated: 9/15/2025, 7:19:52 PM