CVE-2025-11443

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3

Description A weakness exists in JhumanJ OpnForm, potentially leading to information exposure. The issue stems from a discrepancy within the Forgotten Password Handler component, specifically related to the file /api/password/email. The attack can be initiated remotely and is considered to have high complexity, with difficult exploitability. The exploit is publicly available and is related to Laravel issue #46465. The vulnerable function is unknown.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.