CVE-2025-64515

EPSS 0.07%
Veröffentlicht 18.11.2025 22:39:48
Zuletzt bearbeitet 02.12.2025 20:39:24
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Maykinmedia ≫ Open Forms Version < 3.2.7

Maykinmedia ≫ Open Forms Version >= 3.3.0 < 3.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.204

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/open-formulieren/open-forms/security/advisories/GHSA-cp63-63mq-5wvf

Patch

Vendor Advisory

https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#327-2025-11-18

Release Notes

https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#333-2025-11-18

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-64515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64515

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64515