CVE-2025-11443
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jhumanj | opnform | up to and including 1.9.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
No mitigation has been applied for this vulnerability; the behaviour is tracked as Laravel issue #46465.
Can you explain this vulnerability to me?
This vulnerability is a weakness in the Forgotten Password Handler component of JhumanJ OpnForm up to version 1.9.3, specifically in the /api/password/email endpoint. It allows a remote attacker to cause information exposure through a discrepancy, meaning that differences in the endpoint's responses can unintentionally reveal sensitive information. The attack is complex and difficult to exploit, but a public exploit exists. It is related to a known issue in Laravel (issue #46465), and no mitigation has been applied.
How can this vulnerability impact me?
The vulnerability can lead to information exposure, potentially revealing sensitive data to unauthorized parties. Since it affects the password reset functionality, it could be used to gain insights into user accounts or system behavior, which might aid further attacks. However, the exploit is complex and difficult to execute, reducing the likelihood of widespread impact.
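The CWE-203 pattern described above, shown on a minimal forgot-password handler, as an added example that is not OpnForm's or Laravel's code. The user store, e-mail addresses and response texts are constructed for the example; `reset_vulnerable` answers differently for known and unknown addresses, `reset_hardened` returns one uniform response either way, and `responses_differ` is the check a defender can run against their own handler to confirm the discrepancy is gone.

```python
"""Added example (hypothetical code, not from the advisory or the project):
a password-reset request handler with and without an observable discrepancy
(CWE-203), plus a defender-side check for it."""
from dataclasses import dataclass
import hmac

# Constructed sample user store; the addresses are hypothetical.
USERS = {"alice@example.test": {"id": 1}, "bob@example.test": {"id": 2}}

# In-memory "outbox" so the example runs offline; a real handler would send mail.
SENT = []


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def reset_vulnerable(email: str) -> Response:
    """Leaks account existence: a known address and an unknown address get a
    different status code and a different message."""
    user = USERS.get(email.lower())
    if user is None:
        return Response(422, "We can't find a user with that email address.")
    SENT.append(email.lower())
    return Response(200, "We have emailed your password reset link.")


def reset_hardened(email: str) -> Response:
    """Uniform response: the mail is only sent when the account exists, but the
    status and body returned to the caller are identical in both cases."""
    user = USERS.get(email.lower())
    if user is not None:
        SENT.append(email.lower())
    return Response(
        200, "If an account exists for that address, a reset link has been sent."
    )


def responses_differ(handler, known_email: str, unknown_email: str) -> bool:
    """Defender-side check: True if the handler's status or body differs
    between a known and an unknown address. Only status and body are compared;
    response time is a separate discrepancy channel not covered here."""
    a, b = handler(known_email), handler(unknown_email)
    if a.status != b.status:
        return True
    return not hmac.compare_digest(a.body.encode(), b.body.encode())


if __name__ == "__main__":
    for h in (reset_vulnerable, reset_hardened):
        leaks = responses_differ(h, "alice@example.test", "nobody@example.test")
        print(f"{h.__name__}: discrepancy={'yes' if leaks else 'no'}")
```

The check compares only what the caller can see in the HTTP response; a handler that does noticeably more work for existing accounts (hashing, mail delivery) can still be distinguished by response time, so a full review of the endpoint should also look at that channel.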