PT-2025-40005 · Formcms · Formcms
Kkc73 · Published 2025-09-30 · Updated 2025-12-23
CVE-2025-55797
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
FormCms version 0.5.4
Description
An access control issue exists in FormCms version 0.5.4. An unauthenticated attacker can access historical schema data via the /api/schemas/history/[schemaId] API endpoint if a valid schemaId is known or guessed.
Recommendations
Apply a fix for FormCms version 0.5.4 to address the improper access control.
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
Formcms