CVE-2025-11028
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-10-07
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vvveb | vvveb | up to and including 1.0.7.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the givanz Vvveb software up to version 1.0.7.2, specifically in the Image Handler component. It allows an attacker to perform manipulations that result in information disclosure. The vulnerability can be exploited remotely, and the exploit code has been publicly released. The project maintainer has acknowledged the issue and fixed the code to remove the vulnerability.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized information disclosure due to manipulation of the Image Handler component. Since it can be exploited remotely without authentication, it poses a risk of sensitive information being exposed to attackers.
What immediate steps should I take to mitigate this vulnerability?
The project maintainer has fixed the code to remove these vulnerabilities and will push the code to GitHub and make a new release. The immediate step is to update to the fixed version once it is released.