Data Modification Vulnerability in Open Forms by Open Formulieren
CVE-2025-64515

4.3 MEDIUM

Key Information:

Vendor
CVE Published: 18 November 2025

What is CVE-2025-64515?

Open Forms, a platform for creating and publishing smart forms, contains a vulnerability that lets malicious users alter fields marked as readonly. The user interface prevents regular users from modifying these fields, but attackers can still change them in versions prior to 3.2.7 and 3.3.3. The issue has been addressed in versions 3.2.7 and 3.3.3, which lock prefill data fields against unauthorized changes. Upgrading to the latest version is strongly recommended to safeguard against potential data manipulation.

Affected Version(s)

open-forms >= 3.3.0, < 3.3.3

open-forms < 3.2.7

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
