CVE-2025-8792
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litmuschaos | litmus | up to 3.19.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8792 is a vulnerability in LitmusChaos Litmus up to version 3.19.0 where security controls that should be enforced on the server side are instead enforced only on the client side. Specifically, the frontend restricts special characters in user profile fields, but the backend does not validate these inputs. Attackers can bypass the client-side restrictions by sending crafted requests directly to the backend, which accepts and stores invalid data. This leads to inconsistent input handling and potential security issues due to lack of proper server-side validation. [1, 2]
How can this vulnerability impact me?
This vulnerability allows remote attackers to bypass input restrictions by manipulating requests, potentially leading to inconsistent or improper data being stored and displayed. Since the backend does not validate inputs properly, this can undermine the integrity of the system and may be exploited to cause downstream effects. The exploit is publicly available and easy to execute, increasing the risk of exploitation. No known mitigations exist, and the vendor has not responded to the issue. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and intercepting HTTP requests to the LitmusChaos Litmus server, specifically looking for user profile fields such as display names containing special characters that should be restricted by client-side validation but are accepted by the backend. Tools like Burp Suite can be used to intercept and modify these requests to test if the backend accepts inputs with special characters. There are no specific commands provided, but using an intercepting proxy to send crafted inputs bypassing client-side validation is the suggested approach. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations are currently available from the vendor, who did not respond to the disclosure. Immediate steps include considering replacing the affected LitmusChaos Litmus product with an alternative solution. Additionally, monitoring and restricting inputs at the network or application layer, and applying custom server-side validation if possible, may help reduce risk until a fix or patch is available. [2]
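The "custom server-side validation" mentioned above, shown as an added example that is not code from the Litmus project: a hypothetical Go profile-update handler in the two forms the advisory contrasts, one that trusts the client (CWE-602) and one that repeats the display-name check on the server before storing anything. The endpoint path, the JSON field name and the allow-list regex are assumptions, since the page does not state the real rule.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// Constructed allow-list standing in for the frontend's rule: letters, digits,
// space, dot, underscore and hyphen, 1 to 64 characters (an assumption).
var displayNameRe = regexp.MustCompile(`^[\p{L}\p{N} ._-]{1,64}$`)

// ValidateDisplayName is the server-side check a CWE-602 backend is missing.
func ValidateDisplayName(name string) error {
	if !displayNameRe.MatchString(name) {
		return errors.New("display name: disallowed characters or bad length")
	}
	return nil
}

// newProfileHandler builds a hypothetical profile-update endpoint. With
// serverSideCheck=false it trusts the client, as the advisory describes.
func newProfileHandler(store map[string]string, serverSideCheck bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var upd struct{ Name string `json:"name"` } // field name is an assumption
		if err := json.NewDecoder(r.Body).Decode(&upd); err != nil {
			http.Error(w, "malformed JSON", http.StatusBadRequest)
			return
		}
		if serverSideCheck {
			if err := ValidateDisplayName(upd.Name); err != nil {
				http.Error(w, err.Error(), http.StatusUnprocessableEntity)
				return
			}
		}
		store["name"] = upd.Name // persisted only after the check (when enabled)
	}
}

// Submit delivers a JSON body straight to the handler, as a request that never
// passed through the browser form would, and reports status plus stored value.
func Submit(serverSideCheck bool, body string) (int, string) {
	store := map[string]string{}
	req := httptest.NewRequest(http.MethodPut, "/profile", strings.NewReader(body))
	rr := httptest.NewRecorder()
	newProfileHandler(store, serverSideCheck)(rr, req)
	return rr.Code, store["name"]
}
```

The client-trusting variant returns 200 and stores the constructed value `alice<>&` unchanged; the hardened variant answers 422 and stores nothing, which is the behaviour to verify on any backend field the frontend restricts.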