CVE-2025-11440

Summary

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called b15e29021d326be127193a5dbbd528c4e37e6324. Applying a patch is advised to resolve this issue.

Affected Software

VendorProductVersion RangeStatus
JhumanJOpnForm1.9.0affected
JhumanJOpnForm1.9.1affected
JhumanJOpnForm1.9.2affected
JhumanJOpnForm1.9.3affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References