CVE-2025-55797

Vulnerability

Overview

CVE-2025-55797 is an improper access control vulnerability in FormCMS v0.5.4, specifically in the /api/schemas/history/[schemaId] endpoint [1][2][3]. The endpoint returns all historical versions of a schema, including the complete schema data, without requiring any authentication [1][4]. This flaw allows an unauthenticated attacker to retrieve sensitive schema definitions if they can discover or guess a valid schemaId.

Attack

Vector and Exploitation

The vulnerability is exploitable remotely over the network. No authentication is required to access the endpoint [1]. An attacker can enumerate or brute-force schemaId values (which may be sequential or predictable) to retrieve historical schema data [4]. The official advisory notes that the schema history includes complete schema structures, potentially exposing database schema design, field names, data types, and relationships [4].

Impact

Successful exploitation results in unauthorized information disclosure [4]. An attacker can gain insight into the underlying data model of the FormCMS instance, which can be used to craft further attacks or extract sensitive metadata about the application's data structures [1][4]. This exposure of schema definitions may aid in exploiting other vulnerabilities or performing reconnaissance on the target system.

Mitigation

Status

The issue has been addressed in FormCMS v0.5.5 [4]. Users running v0.5.4 or earlier should upgrade to the latest version. There is no indication that the endpoint requires input sanitization or rate-limiting as a workaround; the fix likely implements proper authentication and authorization checks on the history endpoint [4].