CVE-2025-64515
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-12-02
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected version range |
|---|---|---|
| maykinmedia | open_forms | All versions before 3.2.7 (3.2.7 not affected) |
| maykinmedia | open_forms | From 3.3.0 (inclusive) up to 3.3.3 (exclusive), i.e. 3.3.0 through 3.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | Improper Input Validation: the product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| NVD-CWE-noinfo | NVD placeholder: insufficient information to assign a more specific weakness. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Open Forms lets a malicious user modify form fields that are dynamically set to readonly or disabled because their value comes from prefill. Regular users see those fields as readonly and cannot change them through the user interface, but that state is only enforced in the browser; a user who edits the submitted step data directly can overwrite values they are not supposed to touch, which is why the issue is classified as CWE-20 (improper input validation). Affected versions are all releases before 3.2.7 and 3.3.0 through 3.3.2; the issue is fixed in 3.2.7 and 3.3.3.
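The check that is missing in the vulnerable pattern, and the server-side re-validation that closes it, as an added illustrative example. This is not Open Forms code: the `Component`/prefill structure, the identity dict used as the prefill source, and the function names are assumptions chosen to mirror the description above.

```python
"""Server-side enforcement of readonly/disabled prefilled fields.

Illustrative example added to this page; it is NOT Open Forms code. The
component/prefill structure, the identity lookup and the function names are
assumptions chosen to mirror the description above.
"""
from dataclasses import dataclass, field


class ValidationError(Exception):
    """Raised when a submission changes a field the user may not edit."""

    def __init__(self, tampered):
        super().__init__(f"readonly fields modified: {', '.join(tampered)}")
        self.tampered = tampered


@dataclass
class Component:
    key: str
    # Prefill config, e.g. {"attribute": "bsn"}; empty means no prefill (assumed shape).
    prefill: dict = field(default_factory=dict)


# Constructed form definition: two prefilled fields and one free-text field.
FORM_COMPONENTS = [
    Component("bsn", prefill={"attribute": "bsn"}),
    Component("lastName", prefill={"attribute": "lastName"}),
    Component("remarks"),
]


def prefill_values(components, identity):
    """Server-side prefill: resolve each component's attribute from the
    authenticated identity (a plain dict here). Only keys for which a value
    was found are returned, so an anonymous user gets no prefill at all."""
    values = {}
    for comp in components:
        attr = comp.prefill.get("attribute")
        if attr is not None and attr in identity:
            values[comp.key] = identity[attr]
    return values


def locked_keys(components, prefilled):
    """Fields that are dynamically readonly: prefill produced a value, so the
    browser renders them disabled and the user must not change them."""
    return {c.key for c in components if c.prefill and c.key in prefilled}


def validate_step_vulnerable(components, submitted, prefilled):
    """Pattern behind the CVE: readonly is only a UI attribute, so whatever
    the client posts is accepted and overwrites the prefilled value."""
    data = dict(prefilled)
    data.update(submitted)
    return data


def validate_step_hardened(components, submitted, prefilled):
    """Fixed pattern: re-check on the server. Any locked key whose submitted
    value differs from the server-side prefill is rejected, and the stored
    data always carries the server's value, never the client's."""
    locked = locked_keys(components, prefilled)
    tampered = sorted(
        k for k in locked if k in submitted and submitted[k] != prefilled[k]
    )
    if tampered:
        raise ValidationError(tampered)
    data = dict(submitted)
    data.update({k: prefilled[k] for k in locked})
    return data


if __name__ == "__main__":
    identity = {"bsn": "123456782", "lastName": "Jansen"}  # constructed identity data
    pre = prefill_values(FORM_COMPONENTS, identity)
    # Crafted request: the browser would not let the user edit "bsn".
    crafted = {"bsn": "999999990", "lastName": "Jansen", "remarks": "hello"}
    print("vulnerable stores:", validate_step_vulnerable(FORM_COMPONENTS, crafted, pre)["bsn"])
    try:
        validate_step_hardened(FORM_COMPONENTS, crafted, pre)
    except ValidationError as exc:
        print("hardened rejects:", exc)
```

The important design point is that the locked set is derived from the server's own prefill result, not from anything the client sends: the same field stays editable for an anonymous user for whom prefill produced nothing, which is exactly the "dynamically readonly" case, and the stored value for a locked field is always the server-side one.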
How can this vulnerability impact me?
The vulnerability allows unauthorized modification of form data that should be protected as readonly or disabled. Because prefilled values are normally taken from a trusted source and stored with the submission, this is an integrity issue: a malicious user can alter information they are not permitted to change, producing incorrect or fraudulent submissions that downstream processing may treat as trustworthy.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Open Forms to a patched release: 3.2.7 or later on the 3.2 line, or 3.3.3 or later on the 3.3 line; these releases contain the fix for the modification of readonly/disabled prefill data fields. No workaround is listed on this page, so upgrading is the mitigation. After upgrading, it is prudent to review submissions received while an affected version was deployed and compare stored values of readonly prefill fields against their prefill source.