CVE-2025-65414: Internal Path Disclosure in docuFORM FSM Client

Apr 2026

Description

The application discloses internal filesystem paths in error messages or responses, which may expose sensitive implementation details and aid an attacker in further reconnaissance or exploitation.

Details

Product: docuForm FSM Client
Affected Versions: 11.11c
Vulnerability Type: CWE-209: Information Exposure Through an Error Message
Risk Level: Medium - CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Vendor URL: www.docuform.de
Vendor acknowledged vulnerability: Yes
Vendor Status: Fixed
CVE: CVE-2025-65414

Impact

The vulnerability may allow an unauthenticated attacker to obtain internal filesystem path information, which can disclose implementation details and assist in further reconnaissance or exploitation of the affected system.

References

National Vulnerability Database CVE-2025-65414

Timeline

2025-10: Vulnerability reported to the vendor.
2025-11: Vendor published a fix for the issue.
2026-04: Information about the vulnerability is published.

Credits

Bastian Recktenwald (Bastian.Recktenwald@ZeroBreach.de)

Zurück zum Blog | Advisories