CVE-2025-11441

Exploit

EPSS 0.63%
Veröffentlicht 08.10.2025 07:02:11
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

JhumanJ OpnForm HTTP Header excessive authentication

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jhumanj ≫ Opnform Version <= 1.9.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.452

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	2.9	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

https://vuldb.com/?id.327378

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.327378

VDB Entry

Permissions Required

https://vuldb.com/?submit.666888

Third Party Advisory

VDB Entry

https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3

Third Party Advisory

Exploit

https://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-11441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11441

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-11441