Medium severity6.3NVD Advisory· Published Oct 8, 2025· Updated Apr 29, 2026

CVE-2025-11438

Description

A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue.

Affected products

Jhumanj/Opnform
cpe:2.3:a:jhumanj:opnform:*:*:*:*:*:*:*:*
Range: <=1.9.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20nvdPatch
docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/editnvdExploitThird Party Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000