CNNVD-202512-2249 Information

CNNVD ID

CNNVD-202512-2249

CVE-2025-67718

  • CNNVD Published: 2025-12-11

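Description (translated from Chinese)

Form.io is a combined form and API platform for serverless applications from Form.io, a US company. Form.io versions before 3.5.6 and versions 4.0.0-rc.1 through 4.4.2 contain an information disclosure vulnerability. The vulnerability stems from a flaw in path handling, which may allow an attacker to access protected API endpoints through a specially crafted request path.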

Description (English)

Form.io is a combined form and API platform for serverless applications, developed by Form.io (United States). Versions of Form.io before 3.5.6, and versions 4.0.0-rc.1 to 4.4.2, have an information disclosure vulnerability caused by a flaw in path handling, which may let an attacker reach protected API endpoints through a specially crafted request path.

Hazard Level

High

Vulnerability Type

Information disclosure

Affected Vendor

Form.io

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/formio/formio/commit/1836bdd9f55f5888ff397c257b2108c09d3de478

https://github.com/formio/formio/security/advisories/GHSA-m654-769v-qjv7

Patch

https://github.com/formio/formio/tags
