Improper Handling of Case Sensitivity
CVE-2025-67718
Summary
Form.io is a combined Form and API platform for Serverless applications. Versions through 3.5.6, 4.0.0-rc.1 through 4.4.2, 4.5.0-rc.1 through 4.5.0-rc.10, and 4.6.0-rc.1 through 4.6.0-rc.2 contain a flaw in path handling that could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized request could retrieve data from endpoints that should be protected. This issue is fixed in versions 3.5.7 and 4.4.3.
- LOW
- NETWORK
- NONE
- NONE
CWE-178 - Improper Handling of Case Sensitivity
The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
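The inconsistency CWE-178 describes, shown as an added example that is not Form.io's code: an access guard that compares the raw request path while the router matches case-insensitively, next to a case-folding guard and a regression check that lists where guard and router disagree. All route names, helper functions and sample paths are hypothetical.

```javascript
// Added illustration of CWE-178; not Form.io source code.
// Route names, helpers and sample paths are hypothetical/constructed.
const PROTECTED = ['/admin/export', '/internal/report'];

// True when `path` is a protected route or sits beneath one.
function underProtected(path) {
  return PROTECTED.some((r) => path === r || path.startsWith(r + '/'));
}

// Stand-in for a router that matches case-insensitively
// (Express does this unless "case sensitive routing" is enabled).
function routerServesProtected(path) {
  return underProtected(path.toLowerCase());
}

// Weak guard: compares the raw path, so it disagrees with the router
// whenever the request uses different letter case.
function requiresAuthWeak(path) {
  return underProtected(path);
}

// Hardened guard: fold case first so guard and router see the same path.
// Attaching the check to the matched route itself avoids the gap entirely.
function requiresAuth(path) {
  return underProtected(path.toLowerCase());
}

// Regression check: paths the router serves from a protected route
// while the given guard treats them as public.
function findGuardGaps(guard, paths) {
  return paths.filter((p) => routerServesProtected(p) && !guard(p));
}

// Constructed sample request paths.
const SAMPLES = [
  '/admin/export',
  '/Admin/Export',
  '/INTERNAL/report/2024',
  '/public/form',
];

console.log('weak guard gaps:', findGuardGaps(requiresAuthWeak, SAMPLES));
console.log('hardened guard gaps:', findGuardGaps(requiresAuth, SAMPLES));
```

Running `findGuardGaps` over the route table in a test suite catches a guard and a router that have drifted apart on case handling before release.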