Vulnerability Description
A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. It affects unspecified code behind the /custom-domains API endpoint, where manipulation results in missing authorization. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The patch is identified as beb153ce52dceb971c1518f98333328c95f1ba20. Applying the patch is the recommended way to resolve this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jhumanj | Opnform | <= 1.9.3 |
Related Weaknesses (CWE)
References
- https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/ (Exploit, Third Party Advisory)
- https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333 (Patch)
- https://vuldb.com/?ctiid.327375 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.327375 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.666879 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-11438?
CVE-2025-11438 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing aut...
How severe is CVE-2025-11438?
CVE-2025-11438 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-11438?
Check the references section above for vendor advisories and patch information. Affected products include: Jhumanj Opnform.