CVE-2025-8517

Exploit

EPSS 0.16%
Veröffentlicht 04.08.2025 16:15:35
Zuletzt bearbeitet 27.08.2025 16:23:54
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vvveb ≫ Vvveb Version < 1.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.367

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://github.com/givanz/Vvveb/commit/d4b1e030066417b77d15b4ac505eed5ae7bf2c5e

Patch

https://github.com/givanz/Vvveb/issues/312

Exploit

Issue Tracking

Mitigation

https://github.com/givanz/Vvveb/issues/312#issuecomment-2977995664

Issue Tracking

https://github.com/givanz/Vvveb/releases/tag/1.0.7

Release Notes

https://github.com/helloandrewpaul/Session-Fixation-in-Vvveb-CMS-v1.0.6.1

Exploit