6.5

CVE-2025-8517

Exploit

givanz Vvveb session fixation

A vulnerability was detected in givanz Vvveb 1.0.6.1. The affected function is unknown. The manipulation results in session fixation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.
Data provided by the National Vulnerability Database (NVD)
Vvveb Vvveb Version < 1.0.7
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.64% | 0.456
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
cna@vuldb.com | 2.1 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://github.com/givanz/Vvveb/commit/d4b1e030066417b77d15b4ac505eed5ae7bf2c5e (Patch)
https://github.com/givanz/Vvveb/issues/312 (Exploit, Issue Tracking, Mitigation)
https://github.com/givanz/Vvveb/issues/312#issuecomment-2977995664 (Issue Tracking)
https://github.com/givanz/Vvveb/releases/tag/1.0.7 (Release Notes)
https://github.com/helloandrewpaul/Session-Fixation-in-Vvveb-CMS-v1.0.6.1 (Exploit, Mitigation)
https://vuldb.com/?ctiid.318643 (VDB Entry, Permissions Required)
https://vuldb.com/?id.318643 (Third Party Advisory, VDB Entry)
https://vuldb.com/?submit.623135 (Third Party Advisory, VDB Entry)
https://github.com/kwerty138/Session-Fixation-in-Vvveb-CMS-v1.0.6.1 (Exploit, Mitigation)