CVE-2025-11029
BaseFortify
Publication date: 2025-09-26
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vvveb | vvveb | to 1.0.7.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site request forgery (CSRF) weakness in givanz Vvveb up to version 1.0.7.2. It allows an attacker to execute unauthorized actions on behalf of a user by tricking them into submitting malicious requests remotely. The vulnerability has been publicly disclosed and the project maintainer has fixed it in a new release.
How can this vulnerability impact me? :
The vulnerability can allow attackers to perform unauthorized actions on your behalf without your consent, potentially leading to manipulation of data or settings within the affected application. Since it can be exploited remotely, it poses a risk to the integrity of your interactions with the software.
What immediate steps should I take to mitigate this vulnerability?
Update givanz Vvveb to the latest version once the maintainer releases the fixed code on GitHub, as the vulnerability has been acknowledged and fixed by the project maintainer. Until then, consider restricting access to the affected application and monitor for any suspicious activity related to cross-site request forgery attempts.