Main Vulnerability Database Exploits ID:11850 - Exploit for Use of insufficiently random values in form-data - CVE-2025-7783

ID:11850 - Exploit for Use of insufficiently random values in form-data - CVE-2025-7783

Published: August 15, 2025

Vulnerability identifier: #VU113173

Vulnerability risk: Medium

CVE-ID: CVE-2025-7783

CWE-ID: CWE-330

Exploitation vector: Remote access

Vulnerable software:
form-data

Link to public exploit:

https://github.com/benweissmann/CVE-2025-7783-poc

Vulnerability description

The vulnerability allows a remote attacker to perform parameter injection attacks.

The vulnerability exists due to software uses a weak Math.random() method to generated random values for multipart form-encoded data. A remote attacker can observe values produced by Math.random in the target application and predict the random number used to generate form-data's boundary value and inject arbitrary parameters into requests.

Remediation

Install updates from vendor's website.

ID:11850 - Exploit for Use of insufficiently random values in form-data - CVE-2025-7783

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human