CVE-2025-67730: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in frappe lms
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
AI Analysis
Technical Summary
CVE-2025-67730 is an improper input neutralization vulnerability classified under CWE-79 (Cross-site Scripting) affecting the Frappe Learning Management System (LMS) prior to version 2.42.0. The flaw allows authenticated users to inject malicious HTML and JavaScript code into description fields within the Job, Course, and Batch forms. When other users view these fields, the injected scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim user. The vulnerability arises because user-supplied input is not sufficiently sanitized and encoded before it is rendered in web pages. The attack vector is network-based: the attacker needs an authenticated account on the LMS, and the payload fires only when another user views the affected description. The CVSS 4.0 vector indicates low attack complexity and no privileges beyond an authenticated account, with partial impacts on confidentiality and integrity but no impact on availability. The issue was publicly disclosed on December 12, 2025, and fixed in version 2.42.0 of Frappe LMS. No known exploits have been reported in the wild, but the vulnerability poses a risk to organizations relying on this LMS for educational content management. It underscores the need for secure coding practices, especially in web applications that handle user-generated content.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information, such as session tokens or personal data, through malicious script execution. This can compromise user accounts and lead to further attacks within the LMS environment or connected systems. Integrity of data can also be affected if attackers manipulate content or perform unauthorized actions via the victim’s session. Educational institutions and corporate training platforms using Frappe LMS may face reputational damage, regulatory scrutiny under GDPR for data breaches, and operational disruptions if user trust is eroded. Although availability is not directly impacted, the indirect consequences of compromised user accounts and data integrity could lead to service interruptions or increased support costs. The requirement for authentication limits the attack surface but does not eliminate risk, especially in environments with many users or weak access controls. The medium severity rating suggests moderate urgency in patching and mitigation to prevent exploitation.
Mitigation Recommendations
European organizations should immediately upgrade Frappe LMS to version 2.42.0 or later to remediate the vulnerability. Until patching is complete, implement strict input validation and output encoding on all user-supplied content fields, especially the description fields in Job, Course, and Batch forms. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Limit user permissions to reduce the number of users who can input HTML/JavaScript content, and monitor logs for unusual activity related to content submissions. Conduct security awareness training to inform users about the risks of XSS and safe usage practices. Regularly audit LMS configurations and user roles to ensure least privilege principles are enforced. Consider deploying web application firewalls (WAFs) with rules to detect and block XSS payloads targeting the LMS. Finally, maintain an incident response plan to quickly address any suspected exploitation.
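The input-sanitization and output-encoding step recommended above, as an added example that is not Frappe LMS code and not the project's 2.42.0 fix: an allowlist HTML sanitizer built on Python's standard-library html.parser, run over a constructed Job description that carries the kinds of markup the advisory describes (inline event handlers, script elements, javascript: links). The allowed tag and attribute sets, the function names and the sample description are assumptions for illustration; a stricter CSP value is included as the companion browser-side control.

```python
"""Allowlist HTML sanitizer for rich-text description fields.

Added example (not Frappe LMS code). Every tag, attribute and URL scheme
not explicitly allowed is dropped, and all text is re-escaped on output,
so stored markup can never carry executable script into another user's page.
"""
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for a description field: formatting and links only.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "ul", "ol", "li",
                "a", "code", "pre", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}        # no on* handlers, no style
ALLOWED_SCHEMES = {"http", "https", "mailto"}    # rejects javascript:, data:
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed"}
VOID_TAGS = {"br"}

# Companion browser-side control for the response headers (assumed policy).
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")


def _safe_url(value: str) -> bool:
    """Accept relative URLs and allowlisted schemes only."""
    # Browsers ignore control characters and whitespace inside a scheme,
    # so strip them before looking at it ("java\tscript:" must not pass).
    cleaned = "".join(ch for ch in value.strip() if ch.isprintable() and not ch.isspace())
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in ALLOWED_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized output fragments
        self.open_tags = []    # emitted tags still open, closed in order
        self.drop_depth = 0    # > 0 while inside script/style-like content

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = 1          # drop the element and its text
            return
        if tag not in ALLOWED_TAGS:
            return                       # unknown tag dropped, its text kept
        parts = [tag]
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not _safe_url(value):
                continue
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth -= 1
            return
        if tag in self.open_tags:
            while self.open_tags:        # close nested tags in order
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                             # comments never reach the output

    def result(self) -> str:
        while self.open_tags:            # close anything left unbalanced
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_description(raw: str) -> str:
    """Sanitize a stored description before rendering it into a page."""
    parser = _Sanitizer()
    parser.feed(raw)
    parser.close()
    return parser.result()


# Constructed sample: what a tampered Job description might contain.
SAMPLE_DESCRIPTION = (
    '<p onclick="alert(1)">Senior <b>Python</b> role</p>'
    '<script>alert(1)</script>'
    '<a href="javascript:alert(1)">apply</a>'
    '<a href="https://example.org/jobs">apply here</a>'
    '<img src=x onerror="alert(1)">'
)

if __name__ == "__main__":
    print(sanitize_description(SAMPLE_DESCRIPTION))
```

Running the module prints the cleaned description with the handler attribute, the script element, the javascript: link target and the image element removed, while the formatting and the https link survive. Sanitizing at save time and again at render time (and escaping plain fields with html.escape) covers both newly submitted content and records stored before the fix.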
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-10T20:04:28.290Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693bc3e35f3fdafda42e6cf5
Added to database: 12/12/2025, 7:27:31 AM
Last enriched: 12/12/2025, 7:28:26 AM
Last updated: 12/12/2025, 11:22:59 AM