Description

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3.

INFO

Published Date :

2025-11-18T22:39:48.150Z

Last Modified :

2025-11-19T17:01:01.839Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64515 vulnerability.

Vendors Products
Maykinmedia
  • Open Forms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64515.

URL Resource
https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#327-2025-11-18 cve-icon cve-icon
https://github.com/open-formulieren/open-forms/blob/bcf2dc54c695fb7c8c58712627d82c4b766248b6/CHANGELOG.rst#333-2025-11-18 cve-icon cve-icon
https://github.com/open-formulieren/open-forms/security/advisories/GHSA-cp63-63mq-5wvf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact