Craft CMS Plugin Formie Vulnerability in JSON Import Process
CVE-2025-32427

5.3MEDIUM

Key Information:

Vendor: Verbb
Status: Formie
Vendor: CVE Published:; 11 April 2025

What is CVE-2025-32427?

The Formie plugin for Craft CMS contains a vulnerability that arises during the JSON import process. Specifically, before version 2.1.44, if a field label or handle included malicious data, the output was not properly escaped during the preview stage of the import. This lack of proper sanitization can potentially allow an attacker to manipulate the JSON export before it is imported, leading to possible security risks. It is crucial for users to ensure they are on version 2.1.44 or later to mitigate this vulnerability.

Affected Version(s)

formie < 2.1.44

References

https://github.com/verbb/formie/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 8, 2025

CVE-2025-32427 Data

JSON

Verbb

What is CVE-2025-32427?

Affected Version(s)

References

CVSS V4

Timeline