CVE-2025-55797: 
C# vulnerability analysis and mitigation

An improper access control vulnerability has been identified in FormCms version 0.5.4, specifically in the /api/schemas/history/[schemaId] endpoint. The vulnerability was disclosed on September 30, 2025, and has been assigned identifier CVE-2025-55797. This security flaw allows unauthenticated attackers to access historical schema data when they know or can guess a valid schemaId (NVD CVE).

The vulnerability exists in the schema history endpoint of FormCms v0.5.4, where improper access control mechanisms fail to validate user authentication before allowing access to historical schema data. The attack vector requires knowledge or successful guessing of a valid schemaId to exploit the vulnerability. The issue stems from missing authentication checks in the /api/schemas/history/[schemaId] endpoint (NVD CVE).

The vulnerability allows unauthorized access to historical schema data, which could potentially expose sensitive configuration information or system structure details. This exposure could provide attackers with valuable insights into the system's architecture and potentially lead to more targeted attacks (NVD CVE).

Users of FormCms v0.5.4 should implement proper authentication checks for the schema history endpoint and ensure that access to historical schema data is restricted to authorized users only. Organizations should monitor for unauthorized access attempts to the affected endpoint (NVD CVE).