CVE-2025-11440
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jhumanj | opnform | to 1.9.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11440 is an improper access control vulnerability in JhumanJ OpnForm versions up to 1.9.3, specifically affecting an unknown function within the /edit file. It allows unauthorized remote attackers, including low-privileged users with read-only permissions, to bypass access restrictions and access sensitive form settings such as the form's password. This exposure of confidential configuration details occurs because the product does not properly restrict access to the /edit endpoint. The vulnerability can be exploited remotely and easily, with a public proof-of-concept available. A patch identified by commit b15e29021d326be127193a5dbbd528c4e37e6324 is available to fix this issue. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to access sensitive configuration details of forms, including passwords, which should be restricted. This improper access control can lead to confidentiality breaches, potentially exposing sensitive information and weakening the security posture of your system. Since the exploit can be executed remotely and easily, it increases the risk of unauthorized data exposure and misuse. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the /edit endpoint of the JhumanJ OpnForm application with a low-privileged or read-only user account. If the user can access sensitive form settings, including the form's password, this indicates the vulnerability is present. Network detection could involve monitoring HTTP requests to the /edit endpoint and checking for unauthorized access attempts. Specific commands are not provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by commit b15e29021d326be127193a5dbbd528c4e37e6324, which is included in version 1.9.3 of JhumanJ OpnForm. Updating to this patched version will resolve the improper access control issue on the /edit endpoint and prevent unauthorized access. [1, 2]