Unrestricted File Upload Vulnerability in JhumanJ OpnForm Software
CVE-2025-11436

5.3MEDIUM

Key Information:

Vendor

Jhumanj

Status
Opnform
Vendor
CVE Published:
8 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11436?

A vulnerability has been identified in the JhumanJ OpnForm software that allows for unrestricted file uploads through the /answer functionality. This flaw can potentially enable attackers to upload malicious files remotely, leading to exploitation of the affected system. The issue is present in versions up to 1.9.3, and the details surrounding the exploit have become public, increasing the urgency for users to secure their installations. A patch has been released, identified by the hash 95c3e23856465d202e6aec10bdb6ee0688b5305a, and immediate application is recommended to mitigate risks.

Affected Version(s)

OpnForm 1.9.0

OpnForm 1.9.1

OpnForm 1.9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11436 - Proof of Concept

References

https://vuldb.com/?id.327373
vdb-entry
https://vuldb.com/?ctiid.327373
signaturepermissions-required
https://vuldb.com/?submit.666877
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

balejin (VulDB User)
JSON
.
CVE-2025-11436 : Unrestricted File Upload Vulnerability in JhumanJ OpnForm Software