PT-2025-47415 · Unknown · Open Forms

Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-64515

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Open Forms versions prior to 3.2.7
Open Forms versions prior to 3.3.3

Description

Open Forms enables users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms with prefill data fields dynamically set to readonly or disabled could be modified by malicious users attempting to alter data they were not authorized to change. For regular users, these form fields are marked as readonly and cannot be modified through the user interface.

Recommendations

Update Open Forms to version 3.2.7 or later.
Update Open Forms to version 3.3.3 or later.
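The class of check that closes this kind of gap, as an added example (not Open Forms code and not its actual patch): the server decides which fields are locked and never accepts a client value for them. The `Field` model, `lock_when` rule and the sample form are hypothetical and constructed for illustration.

```python
# Added illustration: hypothetical names, not Open Forms' data model or API.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Field:
    key: str
    prefill: object = None   # value fetched server-side for this user
    readonly: bool = False   # static flags from the form definition
    disabled: bool = False
    # Dynamic rule: given trusted data, should this field be locked?
    lock_when: Optional[Callable[[dict], bool]] = None

def locked_keys(fields, trusted):
    """Keys that are readonly/disabled, statically or through a dynamic rule."""
    return {
        f.key for f in fields
        if f.readonly or f.disabled
        or (f.lock_when is not None and f.lock_when(trusted))
    }

def sanitize_submission(fields, submitted):
    """Return (clean_data, tampered_keys) for a client-submitted payload."""
    # Dynamic rules only see values the client cannot change (statically
    # locked prefills), so a crafted payload cannot unlock a field.
    trusted = {f.key: f.prefill for f in fields if f.readonly or f.disabled}
    locked = locked_keys(fields, trusted)
    clean, tampered = {}, []
    for f in fields:  # keys not defined on the form are dropped
        if f.key in locked:
            clean[f.key] = f.prefill  # never take a locked field from the client
            if f.key in submitted and submitted[f.key] != f.prefill:
                tampered.append(f.key)  # worth logging as a tampering signal
        elif f.key in submitted:
            clean[f.key] = submitted[f.key]
    return clean, tampered

# Constructed sample form: "bsn" is always readonly; "city" is locked only
# when the prefill source marked the address as verified.
FORM = [
    Field("bsn", prefill="111222333", readonly=True),
    Field("address_verified", prefill=True, disabled=True),
    Field("city", prefill="Utrecht",
          lock_when=lambda d: d.get("address_verified") is True),
    Field("phone"),
]
```

The list of tampered keys is a useful detection signal: a regular user working through the interface cannot produce a mismatch on a locked field.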


Weakness Enumeration

Related Identifiers

CVE-2025-64515
GHSA-CP63-63MQ-5WVF

Affected Products

Open Forms