CVE-2025-8517
givanz Vvveb session fixation
Vexday Risk Score
13 Low
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3 | EPSS 0.6% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
04 Aug 2025: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
givanz · Vvveb
References
https://github.com/givanz/Vvveb/commit/d4b1e030066417b77d15b4ac505eed5ae7bf2c5e
https://github.com/givanz/Vvveb/issues/312
https://github.com/givanz/Vvveb/issues/312#issuecomment-2977995664
https://github.com/givanz/Vvveb/releases/tag/1.0.7
https://github.com/helloandrewpaul/Session-Fixation-in-Vvveb-CMS-v1.0.6.1
https://github.com/kwerty138/Session-Fixation-in-Vvveb-CMS-v1.0.6.1
https://vuldb.com/?ctiid.318643
https://vuldb.com/?id.318643
https://vuldb.com/?submit.623135