CVE-2025-67730 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Frappe Learning Management System (LMS) prior to version 2.42.0. The vulnerability arises from improper neutralization of input during web page generation, specifically in the description fields of Job, Course, and Batch forms. Authenticated users with low privileges can inject malicious HTML and JavaScript code into these fields, which is then rendered without adequate sanitization when viewed by other users. This allows attackers to execute arbitrary scripts in the context of victims' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions within the LMS environment. The vulnerability does not require elevated privileges or administrative access but does require the attacker to be authenticated and for victims to interact with the malicious content. The CVSS 4.0 base score is 5.1 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required beyond authentication, and user interaction needed. The vulnerability does not affect system availability but impacts confidentiality and integrity to a limited extent. The issue was publicly disclosed on December 12, 2025, and fixed in version 2.42.0 of Frappe LMS. No known exploits have been reported in the wild at the time of publication.

For European organizations, this vulnerability poses a moderate risk primarily to educational institutions and enterprises using Frappe LMS for training and content management. Successful exploitation could allow attackers to execute malicious scripts within the LMS user sessions, potentially leading to theft of user credentials, unauthorized access to sensitive learning materials, or manipulation of LMS data. This could disrupt learning activities, compromise user privacy, and damage organizational reputation. Since the vulnerability requires authenticated access, insider threats or compromised user accounts could be leveraged to exploit it. The impact is heightened in environments where LMS access controls are weak or where users have elevated privileges. Additionally, the presence of malicious scripts could facilitate phishing or social engineering attacks targeting LMS users. Although no availability impact is expected, the integrity and confidentiality of LMS data are at risk, which could have regulatory implications under GDPR if personal data is exposed or manipulated.

European organizations should immediately upgrade Frappe LMS to version 2.42.0 or later to remediate this vulnerability. Until patching is complete, implement strict input validation and sanitization on all user-supplied content fields, especially the description fields in Job, Course, and Batch forms. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the LMS web interface. Limit user privileges to the minimum necessary to reduce the risk of malicious input from authenticated users. Conduct regular audits of LMS content for suspicious or unauthorized HTML/JavaScript injections. Educate LMS users about the risks of interacting with untrusted content and encourage reporting of unusual behavior. Monitor LMS logs for signs of exploitation attempts or anomalous activity. Consider deploying web application firewalls (WAFs) with rules targeting XSS attack patterns specific to Frappe LMS. Finally, ensure that incident response plans include procedures for handling LMS-related security incidents.