CVE-2025-11436 MEDIUM

CVE-2025-11436: JhumanJ OpnForm answer unrestricted upload

Vendor Jhumanj
Product OpnForm
Weakness CWE-434 · Unrestricted file upload
Published October 8, 2025
Last update October 8, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as 95c3e23856465d202e6aec10bdb6ee0688b5305a. It is advisable to implement a patch to correct this issue.

Key dates

02Disclosure timeline

October 8, 2025 CVE published
October 8, 2025 Record updated