
JhumanJ OpnForm CVE-2025-11439

LOW
Missing Authorization (CWE-862)
2025-10-08 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Vulnerable System Confidentiality
Low
Vulnerable System Integrity
None
Vulnerable System Availability
None
Subsequent System Confidentiality / Integrity / Availability
None
Exploit Maturity
Proof-of-Concept
Safety (supplemental)
Not Defined (CVSS 4.0 has no Scope metric; the S:X component is the Safety supplemental metric, left undefined)

Lifecycle Timeline

1. Analysis Generated: Apr 29, 2026 - 02:02 (vuln.today)

Description (CVE.org)

A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 11d97d78f2de2cb49f79baed6bde8b611ec1f384. It is recommended to apply a patch to fix this issue.

Analysis (AI)

OpnForm up to version 1.9.3 does not enforce authorization on the /show/integrations endpoint, so an authenticated user can request integration data for forms they were never granted access to, potentially exposing integration configurations. The CVSS 4.0 vector (PR:L, UI:N, VC:L) captures the limits of the issue: it needs a low-privilege account, no user interaction, and yields only a limited confidentiality impact on the vulnerable system, with no integrity, availability or subsequent-system impact recorded. A public proof of concept exists (E:P), yet the EPSS score of 0.03% indicates minimal real-world exploitation activity.

Technical Context (AI)

OpnForm is a form-building application with a PHP/Laravel backend; the integrations configured for a form are managed through the /show/integrations endpoint. The flaw is a missing authorization check (CWE-862) on that endpoint: the application confirms that the caller is authenticated but does not confirm that the caller is allowed to act on the specific form whose integrations are requested, so authenticated users can read integration data beyond their intended scope. The root cause is insufficient privilege validation before the integration-related request is processed, an object-level authorization failure that is common in web applications where access control is enforced in the UI or at a coarse role level but not at the API layer that actually serves the data.
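The pattern described above, as an added illustration that is not OpnForm's code: a handler for an integrations endpoint that relies on authentication alone, beside the corrected version that authorizes the caller against the specific form before returning anything from it. The workspace/member/form data model, the function names and the sample records are all assumptions constructed for the example.

```python
"""Object-level authorization on an 'integrations' endpoint: a missing check
(CWE-862) beside the corrected one. Added illustration, not OpnForm code;
the data model, names and sample records below are constructed assumptions."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized."""


@dataclass
class Form:
    form_id: int
    workspace_id: int
    # Integration configs often carry secrets (webhook URLs with tokens,
    # API keys); this is what a missing check exposes. Values are constructed.
    integrations: list = field(default_factory=list)


# Constructed sample state: two workspaces, one member in each.
WORKSPACE_MEMBERS = {1: {101}, 2: {202}}
FORMS = {
    10: Form(10, 1, [{"type": "webhook", "url": "https://hooks.example/abc?token=s3cr3t"}]),
    20: Form(20, 2, [{"type": "slack", "url": "https://hooks.slack.example/T0/B0/xyz"}]),
}


def load_form(form_id):
    """Resolve the object named in the request (route parameter lookup)."""
    form = FORMS.get(form_id)
    if form is None:
        raise KeyError(form_id)
    return form


def show_integrations_vulnerable(user_id, form_id):
    """CWE-862 pattern: authentication happened upstream, so the handler
    assumes the caller may see the object and returns it to anyone."""
    return load_form(form_id).integrations


def can_view_form(user_id, form):
    """Authorization decision: is the caller a member of the form's workspace?"""
    return user_id in WORKSPACE_MEMBERS.get(form.workspace_id, set())


def show_integrations(user_id, form_id):
    """Corrected handler: resolve the object, then authorize the caller
    against that specific object before any of its data is returned."""
    form = load_form(form_id)
    if not can_view_form(user_id, form):
        raise Forbidden(f"user {user_id} may not view form {form_id}")
    return form.integrations


if __name__ == "__main__":
    # User 202 belongs to workspace 2 only; the vulnerable handler still
    # hands over workspace 1's webhook secret, the corrected one refuses.
    print(show_integrations_vulnerable(202, 10))
    try:
        show_integrations(202, 10)
    except Forbidden as exc:
        print("denied:", exc)
```

The check lives in the handler that serves the data, not in the page that links to it; a frontend that merely hides the integrations tab from non-members would leave the vulnerable handler fully reachable. Whether a denied request should answer 403 or 404 is a separate design choice: a 404 avoids confirming that the form exists, at the cost of less obvious logs.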

Remediation (AI)

Upgrade to a release that includes commit 11d97d78f2de2cb49f79baed6bde8b611ec1f384 from the JhumanJ OpnForm GitHub repository (https://github.com/JhumanJ/OpnForm/pull/900/commits/11d97d78f2de2cb49f79baed6bde8b611ec1f384). As an interim compensating control for environments that cannot patch immediately, restrict access to the /show/integrations endpoint to administrators only, via reverse proxy or application-level middleware. This trades functionality for security: legitimate form owners lose access to their own integrations until the patch lands, and the restriction only helps if it sits in front of the path that actually serves the data; blocking a frontend view at the proxy does nothing against direct calls to the backing API. As a detection control while patches are tested and deployed, log the authenticated user and the target form for every request to the integrations endpoint and review requests where the user is not a member of the form's workspace (or, with the admin-only restriction in place, any request from a non-admin account).
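The detection control described above, as an added example that is not part of the original page or the OpnForm project: application log lines are replayed against the workspace membership model, and every read of the integrations endpoint by a user who is not a member of the target form's workspace is flagged. The log format (timestamp, user id, method, path, form id, status), the membership map and the sample lines are constructed assumptions; adapt the regex to whatever the deployment actually logs.

```python
"""Detection for a missing-authorization bug: replay application access
logs against the ownership model and flag reads of integration data by
users who are not members of the form's workspace. Added illustration;
the log format, membership map and sample lines are constructed."""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "ts user_id form_id status")

# Constructed log format: timestamp, user id, method, path, form id, status.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\d+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"form=(?P<form>\d+) (?P<status>\d{3})$"
)

# Constructed ownership model: which users belong to which workspace, and
# which workspace each form belongs to.
WORKSPACE_MEMBERS = {1: {101, 102}, 2: {202}}
FORM_WORKSPACE = {10: 1, 20: 2}

# Constructed sample log. Users 202 and 303 read form 10 without being in
# workspace 1; user 102 tried form 20 and was refused (the patched behaviour).
SAMPLE_LOG = """\
2025-10-08T09:58:12Z user=101 GET /show/integrations form=10 200
2025-10-08T09:58:40Z user=202 GET /show/integrations form=10 200
2025-10-08T09:59:03Z user=202 GET /show/integrations form=20 200
2025-10-08T09:59:30Z user=102 GET /show/integrations form=20 403
2025-10-08T10:00:01Z user=303 GET /show/integrations form=10 200
2025-10-08T10:00:15Z user=101 GET /forms form=10 200
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not
    match the expected format (malformed lines are skipped, not trusted)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unauthorized_reads(log_text, endpoint="/show/integrations"):
    """Flag every request to `endpoint` whose user is not a member of the
    workspace that owns the requested form, regardless of status code."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != endpoint:
            continue
        user_id, form_id = int(rec["user"]), int(rec["form"])
        workspace = FORM_WORKSPACE.get(form_id)
        if workspace is None:
            continue  # unknown form id: nothing to compare against
        if user_id in WORKSPACE_MEMBERS.get(workspace, set()):
            continue  # legitimate member, nothing to report
        hits.append(Hit(rec["ts"], user_id, form_id, int(rec["status"])))
    return hits


def succeeded(hits):
    """Narrow to requests that actually returned data (2xx). A 403 is the
    fix doing its job but still records an attempt worth reviewing."""
    return [h for h in hits if 200 <= h.status < 300]


if __name__ == "__main__":
    for hit in find_unauthorized_reads(SAMPLE_LOG):
        label = "LEAK" if 200 <= hit.status < 300 else "attempt"
        print(f"{label}: {hit.ts} user {hit.user_id} read form {hit.form_id} ({hit.status})")
```

Run against the constructed sample, this reports three non-member requests, two of which (users 202 and 303 reading form 10) returned 200 and therefore represent actual exposure; the 403 for user 102 is an attempt the fix blocked. The same replay over logs from before the patch date gives the scoping list for an incident: which forms' integration configurations, and thus which webhook URLs or tokens, have to be treated as disclosed and rotated.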


CVE-2025-11439 vulnerability details – vuln.today
