PT-2025-41233 · Opnform · Opnform
Balejin · Published 2025-10-08 · Updated 2025-10-08 · CVE-2025-11438
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JhumanJ OpnForm versions up to 1.9.3
Description
A missing authorization check exists in the API endpoint responsible for managing custom domains, located at /custom-domains. This allows unauthorized manipulation of custom domain settings. The vulnerability affects unspecified code handling /custom-domains in the API Endpoint component. The exploit has been publicly disclosed.
Recommendations
Apply the patch beb153ce52dceb971c1518f98333328c95f1ba20.
Exploit
Fix
Incorrect Authorization
Missing Authorization
Related Identifiers
Affected Products
Opnform