Home > Vulnerability Database > CVE-2025-11438

Mend.io Vulnerability Database

CVE-2025-11438

Good to know:

Date: October 8, 2025

A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue.

Severity Score

9.8

Related Resources (7)

Url: https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11438

Url: https://vuldb.com/?id.327375

Url: https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.gm61tyll8uys

Url: https://vuldb.com/?submit.666879

Url: https://vuldb.com/?ctiid.327375

Url: https://www.mend.io/vulnerability-database/CVE-2025-11438

Severity Score

9.8

Weakness Type (CWE)

Missing Authorization

CWE-862

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11438

Good to know:

Date: October 8, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?