CVE-2025-11029
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11029
EUVD
EUVD-2025-31369
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vvveb vvveb to 1.0.7.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site request forgery (CSRF) weakness in givanz Vvveb up to version 1.0.7.2. It allows an attacker to execute unauthorized actions on behalf of a user by tricking them into submitting malicious requests remotely. The vulnerability has been publicly disclosed and the project maintainer has fixed it in a new release.

Impact Analysis

The vulnerability can allow attackers to perform unauthorized actions on your behalf without your consent, potentially leading to manipulation of data or settings within the affected application. Since it can be exploited remotely, it poses a risk to the integrity of your interactions with the software.

Mitigation Strategies

Update givanz Vvveb to the latest version once the maintainer releases the fixed code on GitHub, as the vulnerability has been acknowledged and fixed by the project maintainer. Until then, consider restricting access to the affected application and monitor for any suspicious activity related to cross-site request forgery attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11029. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart