Home > Vulnerability Database > CVE-2025-11436

Mend.io Vulnerability Database

CVE-2025-11436

Good to know:

Date: October 8, 2025

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as 95c3e23856465d202e6aec10bdb6ee0688b5305a. It is advisable to implement a patch to correct this issue.

Severity Score

9.8

Related Resources (7)

Url: https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.dm5ttliupfqn

Url: https://github.com/JhumanJ/OpnForm/pull/900/commits/95c3e23856465d202e6aec10bdb6ee0688b5305a

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11436

Url: https://vuldb.com/?ctiid.327373

Url: https://vuldb.com/?submit.666877

Url: https://vuldb.com/?id.327373

Url: https://www.mend.io/vulnerability-database/CVE-2025-11436

Severity Score

9.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11436

Good to know:

Date: October 8, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?