CVE-2025-67734 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Frappe Learning Management System (LMS) prior to version 2.42.0. The flaw arises from improper neutralization of input during web page generation, specifically in the Company Website field of the Job Form. Authenticated attackers can inject arbitrary JavaScript code into this field, which is then rendered unsanitized in the job posting pages. When other users access these pages, the malicious script executes in their browsers, potentially allowing session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability does not require elevated privileges beyond authentication, nor does it require the victim to perform any action other than viewing the compromised job posting. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required beyond authentication, and user interaction needed (viewing the page). The impact on confidentiality and integrity is limited but non-negligible, as the attacker can execute scripts in the context of the victim’s browser session. No known exploits are currently reported in the wild. The issue was publicly disclosed on December 12, 2025, and fixed in version 2.42.0 of Frappe LMS. Organizations running earlier versions are vulnerable and should upgrade promptly.

For European organizations, this vulnerability poses a risk primarily to educational institutions, training providers, and enterprises using Frappe LMS for content delivery and job postings. Successful exploitation could lead to theft of user credentials, session tokens, or sensitive information accessible via the browser, undermining user trust and potentially leading to unauthorized access to internal systems. The attack vector requires attacker authentication, which limits exposure but does not eliminate risk, especially in environments with many users or weak account controls. The vulnerability could also be leveraged for phishing or social engineering campaigns by injecting misleading content. Given the widespread use of LMS platforms in Europe’s education sector and corporate training, the impact could disrupt learning operations and compromise personal data protected under GDPR. Although no active exploits are known, the presence of this vulnerability increases the attack surface and could be targeted by opportunistic attackers or insiders.

European organizations should immediately upgrade all Frappe LMS instances to version 2.42.0 or later to remediate the vulnerability. Until upgrades are completed, administrators should restrict access to the Job Form to trusted users only and monitor for suspicious input or unusual activity. Implementing web application firewalls (WAFs) with custom rules to detect and block JavaScript injection attempts in form fields can provide temporary protection. Additionally, enforcing strong authentication mechanisms and session management policies reduces the risk of attacker account misuse. Regular security audits and user training on recognizing suspicious job postings can help mitigate social engineering risks. Organizations should also review and sanitize all user-generated content before display, applying context-aware output encoding to prevent XSS. Finally, monitoring logs for anomalous behavior related to job postings and user sessions can aid in early detection of exploitation attempts.