CVE-2025-56746
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creativeitem | academy_lms | up to 5.13 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a session fixation issue in Creativeitem Academy LMS versions up to 5.13. The system does not regenerate the session ID after a user successfully logs in. An attacker can set or fix a known session ID for a victim before the victim logs in. Because the session ID remains the same after login, the attacker can hijack the victim's authenticated session and perform unauthorized actions. [1]
How can this vulnerability impact me?
An attacker can hijack your authenticated session by forcing you to use a predetermined session ID. This allows the attacker to access your account, perform unauthorized actions, and view sensitive data as if they were you. This compromises the confidentiality and integrity of your user session and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the session ID remains the same before and after user authentication. One way to test this is by using curl commands to capture the session cookie before login and after login to see if it changes. For example, use curl to fetch the login page and extract the session ID, then perform a login POST request with credentials and check if the session ID in the response cookies is the same. If the session ID does not change, the system is vulnerable to session fixation. [1]
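The before/after cookie comparison described above, as an added shell example (not code from the advisory or from the vendor). The cookie name ci_session, the two paths and the form fields passed to capture are assumptions to replace with your own deployment's values.

```shell
# Added example. Assumed, not from the advisory: cookie name, paths, form fields.
COOKIE_NAME="${COOKIE_NAME:-ci_session}"  # assumption: CodeIgniter's default name

# Print the value of $COOKIE_NAME stored in a curl (Netscape-format) cookie jar.
# curl writes HttpOnly cookies as "#HttpOnly_<domain>", so those lines are data,
# while every other line starting with "#" is a comment.
session_id() {
  awk -F'\t' -v name="$COOKIE_NAME" '
    (/^#HttpOnly_/ || !/^#/) && NF >= 7 && $6 == name { v = $7 }
    END { if (v != "") print v }' "$1"
}

# Compare the jar saved before login with the jar saved after login.
# Returns 0 = ID rotated, 1 = ID unchanged (fixation possible), 2 = no cookie.
check_rotation() {
  local before after
  before=$(session_id "$1")
  after=$(session_id "$2")
  if [ -z "$before" ] || [ -z "$after" ]; then
    echo "INCONCLUSIVE: $COOKIE_NAME missing from a jar"; return 2
  fi
  if [ "$before" = "$after" ]; then
    echo "VULNERABLE: session ID unchanged across login"; return 1
  fi
  echo "OK: session ID regenerated at login"
}

# Capture both jars from a deployment you administer, then compare them.
# usage: capture BASE_URL LOGIN_PAGE_PATH LOGIN_POST_PATH 'field=value&field=value'
capture() {
  local pre post rc=0
  pre=$(mktemp); post=$(mktemp)
  curl -s -o /dev/null -c "$pre" "$1$2"                    # anonymous session
  curl -s -o /dev/null -b "$pre" -c "$post" -d "$4" "$1$3" # log in with that ID
  check_rotation "$pre" "$post" || rc=$?
  rm -f "$pre" "$post"
  return "$rc"
}

if [ "$#" -eq 4 ]; then capture "$@"; fi
```

A login that fails (wrong credentials, a missing CSRF token) also leaves the ID unchanged, so confirm the POST actually authenticated before trusting a VULNERABLE result.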
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include regenerating the session ID immediately after successful authentication using functions like session_regenerate_id(true) or CodeIgniter's $this->session->sess_regenerate(true). Additionally, set authenticated session data only after session regeneration. Implement session security configurations such as setting session expiration (e.g., 2 hours), periodic session regeneration (e.g., every 5 minutes), and using Secure and HttpOnly cookie flags. Regularly regenerate session IDs during active sessions and validate session integrity on each request. Destroy sessions on logout to prevent reuse. [1]