In mid-July 2025, a vulnerability was disclosed in the NPM library form-data (GitHub Security Advisory). Qlik became aware of this issue through its standard Secure Development Lifecycle (SDL) processes.
Following an internal review, Qlik R&D and Security teams identified that potentially vulnerable versions of the form-data library were included in some installations of Qlik Sense Enterprise for Windows. However, due to the specific way Qlik utilizes this library, the conditions required for exploitation are not met.
Although the vulnerability was determined to be non-exploitable within Qlik Sense, customers who prefer to upgrade to a version that includes the patched form-data library can do so by installing one of the following releases:
May 2025 Patch 6
November 2024 Patch 18
May 2024 Patch 24
Note: An earlier version of this information was mistakenly published indicating that this CVE was directly related to Qlik Sense for Windows.
