cbcvebase.
CVE-2025-11441
published 2025-10-08

CVE-2025-11441: A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The…

PriorityP419low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
EPSS
0.63%
45.5th percentile
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.

Affected

9 ranges
VendorProductVersion rangeFixed in
jhumanjopnform<= 1.9.3
jhumanjopnform
jhumanjopnform
jhumanjopnform
jhumanjopnform
linuxlinux_kernel>= 5.6.0 < 6.1.1606.1.160
linuxlinux_kernel>= 6.13.0 < 6.18.36.18.3
linuxlinux_kernel>= 6.2.0 < 6.6.1206.6.120
linuxlinux_kernel>= 6.7.0 < 6.12.646.12.64

CVSS provenance

nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.02.9LOWCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.