CVE-2025-11438

LOW EPSS 20.6%
Published Oct 8, 20258mo ago · Modified Jun 17, 20261w ago
2.1 CVSS 4.0
Low
Find Similar
Published Oct 8, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue.

CVSS Details

Base Score
2.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
20.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-862 Missing Authorization Authorization
CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
jhumanjopnform* ≤1.9.3

References 5

  • docs.google.com https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.gm61tyll8uys
    ExploitThird Party Advisory
  • github.com https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20
    Patch
  • vuldb.com https://vuldb.com/?ctiid.327375
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.327375
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.666879
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20
    Patch