Home

Description

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.

PUBLISHED Reserved 2025-08-16 | Published 2025-09-30 | Updated 2025-10-01 | Assigner mitre

References

github.com/FormCms

github.com/FormCms/FormCms

github.com/KKC73/me/tree/main/CVE-2025-55797

cve.org (CVE-2025-55797)

nvd.nist.gov (CVE-2025-55797)

Download JSON