CNNVD-202509-4038 Information
CNNVD ID
CNNVD-202509-4038
Related CVE
- CNNVD Published: 2025-09-26
Description (Chinese)
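formbricks is an open source survey system from Formbricks. Versions of formbricks before 4.0.1 contain a data forgery vulnerability. It stems from missing JWT signature verification and may lead to arbitrary JWT forgery and password reset.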
Description (English)
Formbricks is an open source survey system from Formbricks. Versions of Formbricks before 4.1 contain a data forgery vulnerability, which stems from missing JWT signature verification and could lead to arbitrary JWT forgery and password reset.
Hazard Level
Low
Vulnerability Type
Data forgery issue
Affected Vendor
Formbricks
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/formbricks/formbricks/security/advisories/GHSA-7229-q9pv-j6p4
https://github.com/formbricks/formbricks/blob/843110b0d6c37b5c0da54291616f84c91c55c4fc/apps/web/lib/jwt.ts#L114-L117
https://github.com/formbricks/formbricks/commit/eb1349f205189d5b2d4a95ec42245ca98cf68c82
https://github.com/formbricks/formbricks/pull/6596
https://access.redhat.com/security/cve/cve-2025-59934
Patch
https://github.com/formbricks/formbricks/releases