CVE-2025-9397
BaseFortify
Publication date: 2025-08-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vvveb | vvveb | to 1.0.7.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in givanz Vvveb up to version 1.0.7.2 in an unknown function within the file /system/traits/media.php. It allows an attacker to manipulate the argument files[] to perform an unrestricted file upload. This means an attacker can remotely upload files without proper restrictions, potentially leading to unauthorized actions on the system. The vulnerability has been publicly disclosed and a patch is planned by the code maintainer.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to upload arbitrary files to the affected system without restriction. This could lead to unauthorized access, data compromise, or further exploitation of the system. Since the exploit is publicly available, the risk of attack is increased until a patch is applied.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch provided by the code maintainer to remove the vulnerability. Until the new release is available, restrict or monitor uploads to the affected file /system/traits/media.php to prevent exploitation.