CVE-2025-11442

4.3 MEDIUM

📋 TL;DR

This CVE describes a cross-site request forgery (CSRF) vulnerability in JhumanJ OpnForm API endpoints up to version 1.9.3. The vulnerability could allow attackers to perform unauthorized actions if they obtain valid JWT tokens through other means, such as XSS. Only OpnForm installations up to version 1.9.3 are affected.

💻 Affected Systems

Products:
  • JhumanJ OpnForm
Versions: Up to and including 1.9.3
Operating Systems: All platforms running OpnForm
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 1.9.3 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with a stolen JWT token could perform unauthorized API operations, potentially modifying forms, accessing form submissions, or altering application configuration.

🟠 Likely Case

Limited impact, since the vendor states the API requires authentication via Bearer tokens and XSS vectors are mitigated, making initial token theft difficult.

🟢 If Mitigated

With proper authentication controls and no XSS vulnerabilities, the CSRF vulnerability has minimal practical impact.

🌐 Internet-Facing: MEDIUM - Internet-facing OpnForm instances could be targeted if attackers find other ways to obtain valid tokens.
🏢 Internal Only: LOW - Internal deployments have reduced attack surface and require additional compromise to exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a valid JWT token, which the vendor states is protected against XSS theft. The exploit has been released publicly but requires token acquisition first.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.9.4 or later

Vendor Advisory: https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit

Restart Required: No

Instructions:

1. Back up your OpnForm installation and database.
2. Update to OpnForm version 1.9.4 or later.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

  • Implement CSRF tokens for API endpoints (applies to: all): add CSRF token validation to all API endpoints that accept state-changing requests
  • Enforce SameSite cookies (applies to: all): configure session cookies with the SameSite=Strict attribute to prevent CSRF attacks

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Monitor for unusual API activity and implement rate limiting on sensitive endpoints

🔍 How to Verify

Check if Vulnerable:

Check OpnForm version in admin panel or via package manager. If version is 1.9.3 or earlier, the system is vulnerable.

Check Version:

Check OpnForm admin dashboard or run: php artisan --version (for Laravel-based installations)

Verify Fix Applied:

Verify OpnForm version is 1.9.4 or later. Test API endpoints to ensure CSRF protection is implemented.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed API requests with valid tokens
  • Unusual API call patterns from single tokens
  • API requests missing expected CSRF headers

Network Indicators:

  • Cross-origin API requests without proper CORS headers
  • API requests with stolen JWT tokens

SIEM Query:

source="opnform_logs" AND (http_method="POST" OR http_method="PUT" OR http_method="DELETE") AND NOT csrf_token=* AND response_code=200
