CVE-2025-11441
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jhumanj | opnform | up to 1.9.3 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in JhumanJ OpnForm up to version 1.9.3 involves manipulation of the HTTP header 'X-Forwarded-For' to bypass protections against excessive authentication attempts. By spoofing this header, an attacker can circumvent rate-limiting or lockout mechanisms designed to prevent brute-force login attempts, allowing repeated unauthorized login tries remotely without authentication. The vulnerability is classified under CWE-307 and related categories, and although exploitation is difficult, a public proof-of-concept exploit exists. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to perform brute-force attacks on your authentication system remotely. By bypassing the rate-limiting or lockout protections through 'X-Forwarded-For' header manipulation, attackers can attempt multiple login attempts without being blocked, potentially leading to unauthorized access or exposure of confidential information. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests for suspicious or excessive authentication attempts that carry manipulated 'X-Forwarded-For' headers, which may indicate attempts to bypass brute-force protections. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on unusual patterns of 'X-Forwarded-For' values, or on high rates of failed login attempts whose 'X-Forwarded-For' value keeps changing while the underlying TCP peer stays the same. Commands to detect such activity might include using tools like tcpdump or tshark to filter HTTP headers, for example:
tcpdump -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'X-Forwarded-For'
tshark -Y 'http.x_forwarded_for' -T fields -e http.host -e http.x_forwarded_for
Both commands only see plaintext HTTP, so behind TLS they must run on the reverse proxy that terminates it, or the same check must be made against application logs. Reviewing application logs for repeated failed authentication attempts with varying 'X-Forwarded-For' values can likewise reveal exploitation attempts. [1, 2]
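The log review described above can be automated. The following is an added example and not code from the page or from the OpnForm project: it parses constructed access-log lines (an assumed combined-log format extended with the X-Forwarded-For value as the last quoted field, which is a common reverse-proxy log layout) and flags any TCP peer that produces repeated failed logins under many distinct X-Forwarded-For values. The log lines, path `/api/login` and thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real OpnForm logs). The first field is the
# TCP peer that actually connected; the last quoted field is X-Forwarded-For.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Oct/2025:12:00:01 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "curl/8.0" "203.0.113.10"
10.0.0.5 - - [08/Oct/2025:12:00:02 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "curl/8.0" "203.0.113.11"
10.0.0.5 - - [08/Oct/2025:12:00:02 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "curl/8.0" "203.0.113.12"
10.0.0.5 - - [08/Oct/2025:12:00:03 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "curl/8.0" "203.0.113.13"
10.0.0.5 - - [08/Oct/2025:12:00:03 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "curl/8.0" "203.0.113.14"
10.0.0.5 - - [08/Oct/2025:12:00:04 +0000] "POST /api/login HTTP/1.1" 200 310 "-" "curl/8.0" "203.0.113.15"
10.0.0.9 - - [08/Oct/2025:12:00:05 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "Mozilla/5.0" "198.51.100.7"
10.0.0.5 - - [08/Oct/2025:12:00:06 +0000] "GET /api/forms HTTP/1.1" 200 900 "-" "curl/8.0" "203.0.113.16"
10.0.0.9 - - [08/Oct/2025:12:00:09 +0000] "POST /api/login HTTP/1.1" 200 310 "-" "Mozilla/5.0" "198.51.100.7"
"""

# Assumed log layout: peer ident user [ts] "METHOD PATH PROTO" status size "referer" "ua" "xff"
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_xff_rotation(lines, login_path="/api/login", min_failures=3, min_distinct_xff=3):
    """Group failed login attempts by the TCP peer that sent them and flag peers
    that fail repeatedly while presenting many different X-Forwarded-For values.
    A legitimate client behind one proxy keeps the same header value; a client
    that rotates it on every failed login is trying to reset a per-IP counter."""
    failures = defaultdict(list)  # peer -> X-Forwarded-For values seen on failed logins
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != login_path:
            continue
        if rec["status"] in (401, 403, 422, 429):  # statuses an app may use for failed logins
            failures[rec["peer"]].append(rec["xff"])

    findings = {}
    for peer, xffs in failures.items():
        distinct = set(xffs)
        if len(xffs) >= min_failures and len(distinct) >= min_distinct_xff:
            findings[peer] = {"failed_logins": len(xffs), "distinct_xff": len(distinct)}
    return findings


if __name__ == "__main__":
    for peer, info in find_xff_rotation(SAMPLE_LOG.splitlines()).items():
        print(f"{peer}: {info['failed_logins']} failed logins across "
              f"{info['distinct_xff']} distinct X-Forwarded-For values")
```

Keying on the TCP peer rather than on the header is what makes the check meaningful: the header is attacker-controlled, the peer address is not. On the sample data only 10.0.0.5 is reported; 10.0.0.9 fails once with a stable header and is ignored.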
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the available patch identified by commit hash 11e99960e14ca986b1a001a56e7533223d2cfa5b, which addresses the issue in JhumanJ OpnForm versions up to 1.9.3. This patch fixes the improper restriction of excessive authentication attempts caused by manipulation of the 'X-Forwarded-For' header. Until the patch is applied, it is recommended to implement additional monitoring and rate-limiting controls on authentication attempts, and consider blocking or validating 'X-Forwarded-For' headers to prevent spoofing. Ensuring that brute-force protections cannot be bypassed by header manipulation is critical. [1, 2]
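To make concrete what "validating 'X-Forwarded-For' to prevent spoofing" means for a login rate limiter, here is an added example that is not the OpnForm patch nor project code. It contrasts a naive client-IP resolver that believes the header unconditionally with a hardened one that honours it only when the TCP peer is a configured trusted proxy, and walks the chain from the right so the limiter key is the first hop a trusted proxy did not control. The trusted-proxy network, the addresses and the failure thresholds are assumptions for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed deployment: the only trusted proxy is the reverse proxy on 10.0.0.0/24.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr, trusted=TRUSTED_PROXIES):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip_naive(remote_addr, xff_header):
    """Weak pattern: take the first X-Forwarded-For entry as the client address.
    Every request can then choose its own rate-limit key."""
    if xff_header:
        return xff_header.split(",")[0].strip()
    return remote_addr


def client_ip_trusted(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Hardened pattern: ignore the header unless the TCP peer is a trusted proxy,
    then skip trusted hops from the right and return the first untrusted one."""
    if not _is_trusted(remote_addr, trusted):
        return remote_addr  # direct client: the header is untrusted input
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted(hop, trusted):
            try:
                ipaddress.ip_address(hop)
            except ValueError:
                break  # malformed entry: fall back to the proxy's own address
            return hop
    return remote_addr


class LoginRateLimiter:
    """Sliding-window counter of failed logins per resolved client key."""

    def __init__(self, max_failures=5, window_seconds=60, key_func=client_ip_trusted):
        self.max_failures = max_failures
        self.window = window_seconds
        self.key_func = key_func
        self._failures = defaultdict(deque)

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_locked(self, remote_addr, xff_header, now=None):
        now = time.monotonic() if now is None else now
        key = self.key_func(remote_addr, xff_header)
        return len(self._prune(key, now)) >= self.max_failures

    def record_failure(self, remote_addr, xff_header, now=None):
        now = time.monotonic() if now is None else now
        key = self.key_func(remote_addr, xff_header)
        self._prune(key, now).append(now)
        return key


def simulate_spoofing(key_func, attempts=10):
    """Constructed scenario: one client at 198.51.100.7 behind the trusted proxy
    10.0.0.5 sends `attempts` failed logins, each with a fresh fabricated
    X-Forwarded-For prefix that the proxy then appends the real peer to.
    Returns how many attempts the limiter allowed before locking the key."""
    limiter = LoginRateLimiter(key_func=key_func)
    allowed = 0
    for i in range(attempts):
        xff = f"203.0.113.{i}, 198.51.100.7"  # client-chosen prefix, proxy-appended peer
        if limiter.is_locked("10.0.0.5", xff, now=float(i)):
            continue
        allowed += 1
        limiter.record_failure("10.0.0.5", xff, now=float(i))
    return allowed


if __name__ == "__main__":
    print("naive resolver allowed:", simulate_spoofing(client_ip_naive))      # 10: never locks
    print("trusted-proxy resolver allowed:", simulate_spoofing(client_ip_trusted))  # 5: locks
```

With the naive resolver every failed attempt lands on a fresh key and the lockout never triggers, which is the condition CWE-307 describes. With the trusted-proxy resolver the key collapses to the address the proxy appended, so the fifth failure locks it regardless of what the client wrote in the header. The same resolver should feed every other per-IP control (audit logs, WAF rules) so they cannot be confused by the header either.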