CVE-2025-11439
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 11d97d78f2de2cb49f79baed6bde8b611ec1f384. It is recommended to apply a patch to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11439
EUVD
EUVD-2025-31839
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jhumanj opnform to 1.9.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11439 is an authorization bypass vulnerability in JhumanJ OpnForm versions up to 1.9.3. It affects the /show/integrations endpoint, where missing proper authorization checks allow an attacker to remotely access protected resources without the required privileges. Specifically, a low-privileged user can access integration details, such as webhook URLs, that should be restricted to higher privilege users. This flaw enables unauthorized data access due to improper access control. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing remote attackers with low privileges to access sensitive integration information, such as webhook URLs, that should be restricted. This unauthorized access can lead to confidentiality breaches, as attackers can enumerate and potentially misuse integration endpoints. The exploit is publicly available and easy to execute, increasing the risk of exploitation if the patch is not applied. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable endpoint `/show/integrations` on the affected JhumanJ OpnForm versions (up to 1.9.3) without proper authorization. A simple detection method is to send an HTTP request to the endpoint and observe if unauthorized access is granted. For example, you can use curl to test access: curl -i -X GET http://<target-host>/forms/<form-slug>/show/integrations If the response returns sensitive integration or webhook information without proper authentication or authorization, the system is vulnerable. [1, 2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the available patch identified by the commit hash `11d97d78f2de2cb49f79baed6bde8b611ec1f384` from the official GitHub repository of JhumanJ OpnForm. This patch fixes the missing authorization checks on the `/show/integrations` endpoint. Until the patch is applied, restrict access to the vulnerable endpoint by network controls or authentication mechanisms to prevent unauthorized access. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11439. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart