CVE-2025-65415
Session Fixation in docuFORM Managed Print Service Client
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docuform | managed_print_service_client | up to and including 11.11c |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the vendor fix (this entry states it was released in November 2025), which removes the root cause by issuing a new session ID after successful authentication. Nothing short of that closes the hole.
If patching is not immediately possible, reduce exposure rather than expecting to block the attack: serve the client only over HTTPS, set the Secure and HttpOnly flags on the session cookie, and keep session lifetimes short. Be clear about what these buy you: the cookie flags protect the cookie from being sniffed or read by script, but they do not stop fixation, because the attacker already knows the session ID. What does help, where the deployment allows it, is rejecting session IDs the server never issued and ignoring session IDs passed in URLs. In logs, watch for the same session ID being used from two different source addresses around the time of a login.
Telling users not to open unsolicited links to the client reduces the URL-based variant, in which the pre-set session ID rides in a link, but does not help where the attacker can plant a cookie directly, for example through a script-injection flaw or a plaintext connection.
Can you explain this vulnerability to me?
The vulnerability in docuFORM Managed Print Service Client, versions up to and including 11.11c, is session fixation (CWE-384): the application keeps the session identifier that was in use before login instead of issuing a fresh one once the user has authenticated.
An attacker who can get a chosen session ID into the victim's browser (through a crafted link, if the client accepts session IDs from URLs, or by planting a cookie) simply waits for the victim to log in. The pre-set ID is then bound to the victim's authenticated session, and the attacker presents it to act as the victim without ever seeing the victim's password or cookie.
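The two login behaviours described above, side by side, as an added example that is not docuFORM code and does not model the real product's session handling (which this entry does not describe). The session store, user table, credentials and the planted ID "ATTACKER-CHOSEN-ID" are all constructed for the demonstration.

```python
"""Session fixation: a login that keeps the pre-authentication session ID
(CWE-384) next to one that regenerates it.  Constructed example, not
docuFORM code; session IDs, users and passwords are made up.
"""
import secrets


class SessionStore:
    """Minimal server-side session table: session_id -> session data."""

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, session_id):
        # Pre-authentication: an unknown ID presented by the client is simply
        # adopted.  On its own that is harmless; combined with a login that
        # keeps the ID it becomes the fixation primitive.
        if session_id not in self.sessions:
            self.sessions[session_id] = {"user": None}
        return session_id

    def new_id(self):
        return secrets.token_urlsafe(32)


USERS = {"alice": "correct horse"}  # constructed credentials


def check_password(username, password):
    return USERS.get(username) == password


def login_vulnerable(store, session_id, username, password):
    """CWE-384 pattern: authenticate, but keep the same session ID."""
    store.get_or_create(session_id)
    if not check_password(username, password):
        return None
    store.sessions[session_id]["user"] = username
    return session_id  # the ID the attacker may have planted is now authenticated


def login_fixed(store, session_id, username, password):
    """Fix: on success, discard the old session and issue a server-chosen ID."""
    store.get_or_create(session_id)
    if not check_password(username, password):
        return None
    store.sessions.pop(session_id, None)  # invalidate the attacker-known ID
    fresh = store.new_id()
    store.sessions[fresh] = {"user": username}
    return fresh


def whoami(store, session_id):
    """What the server believes about whoever presents session_id."""
    return store.sessions.get(session_id, {}).get("user")


def fixation_attack(login):
    """Run the attack against a login function.

    Returns (user the planted ID resolves to after the victim logs in,
             session ID the victim ended up with).
    """
    store = SessionStore()
    planted = "ATTACKER-CHOSEN-ID"  # ID the attacker got into the victim's browser
    store.get_or_create(planted)
    victim_session = login(store, planted, "alice", "correct horse")
    # The attacker never saw the victim's cookie; it just presents the planted ID.
    return whoami(store, planted), victim_session


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))  # ('alice', 'ATTACKER-CHOSEN-ID')
    print("fixed:     ", fixation_attack(login_fixed))       # (None, '<fresh random id>')
```

The only difference between the two handlers is the `pop` plus `new_id` in `login_fixed`; that is the whole of the vendor-side fix described in this entry, and it is the line to look for when reviewing any login handler for this class of bug.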
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Session hijacking gives the attacker the victim's access to whatever data and functions the client exposes, so a successful attack is an unauthorized access event.
GDPR and HIPAA both require personal and health data to be protected against unauthorized access, so an organisation that processes such data through an affected client could find itself out of compliance after an incident.
This entry itself makes no statement about regulatory impact; the assessment above follows from the vulnerability class, not from the source text.
How can this vulnerability impact me?
An attacker who hijacks an authenticated session gains the victim's account and everything reachable from it: any sensitive information the session can read and any action the session is allowed to perform.
That can mean data exposure, actions carried out in the victim's name, and loss of confidence in the integrity of the affected system, all without the attacker ever learning the victim's password.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is a behavioural check on the login flow of the docuFORM Managed Print Service Client (versions up to and including 11.11c): capture the session cookie before login, authenticate, and see whether the server issued a new value. A session ID that survives login unchanged is exactly the CWE-384 condition.
Use curl, or the browser developer tools (Network tab for Set-Cookie headers, Storage tab for current cookie values), to do the comparison. In the commands below, <target>, the /login path, the form field names and the session cookie name are placeholders: this entry does not state them, so take them from the real login request.
- Fetch the login page and save the pre-authentication cookies: curl -s -i -c before.txt https://<target>/login
- Log in while presenting those cookies, and save what the server sets afterwards: curl -s -i -b before.txt -c after.txt -d 'username=USER&password=PASS' https://<target>/login
- Compare the session cookie value in before.txt and after.txt. The jars are tab-separated, with the cookie name in the sixth field and the value in the seventh; the -i output also shows whether the login response carried a Set-Cookie header at all.
- For a stronger confirmation, present a value the server never issued instead of a real pre-authentication cookie, e.g. curl -s -i -b '<cookie-name>=AAAAAAAAAAAA' -c after.txt -d 'username=USER&password=PASS' https://<target>/login and then request an authenticated page with that same value. A server that adopts an ID it did not issue and keeps it across login is vulnerable in the most directly exploitable way.
Use a dedicated test account, and only run this against systems you are authorised to test.
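A small script for the comparison step, as an added example rather than a tool from docuFORM or from the CVE source. It parses the Netscape-format jars that curl -c writes, including the `#HttpOnly_` domain prefix curl uses for HttpOnly cookies, and reports session-looking cookies whose value did not change across login. The embedded jar contents are constructed; the host printserver.example and the cookie name DOCUSESSION are placeholders, since this entry does not state the real session cookie name.

```python
"""Compare two curl cookie jars taken before and after login and report
session-looking cookies whose value did not change (the CWE-384 condition).

Added example, not docuFORM code.  Jar contents are constructed; the host
printserver.example and the cookie name DOCUSESSION are placeholders.
"""
import re

# Heuristic for "this cookie probably carries the session".  Replace with the
# real cookie name once you have seen the login response.
SESSION_NAME_HINT = re.compile(r"sess|sid|token|auth", re.IGNORECASE)


def parse_cookie_jar(text):
    """Return {name: value} for a Netscape-format jar as written by curl -c.

    Data lines are tab-separated: domain, include-subdomains flag, path,
    secure flag, expiry (epoch seconds), name, value.  curl marks HttpOnly
    cookies by prefixing the domain with '#HttpOnly_', so those lines are
    data even though they start with '#'.
    """
    cookies = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#") and not line.startswith("#HttpOnly_"):
            continue  # file header or comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed line: skip rather than guess
        name, value = fields[5], fields[6]
        cookies[name] = value
    return cookies


def unchanged_session_cookies(before_jar, after_jar):
    """Names of session-looking cookies present before and after login with an
    identical value.  Non-empty means the login did not rotate the session ID."""
    before = parse_cookie_jar(before_jar)
    after = parse_cookie_jar(after_jar)
    return sorted(
        name for name, value in before.items()
        if SESSION_NAME_HINT.search(name) and after.get(name) == value
    )


# Constructed jars standing in for before.txt / after.txt from the curl steps.
JAR_BEFORE = (
    "# Netscape HTTP Cookie File\n"
    "# https://curl.se/docs/http-cookies.html\n"
    "# This file was generated by libcurl! Edit at your own risk.\n"
    "\n"
    "#HttpOnly_printserver.example\tFALSE\t/\tTRUE\t0\tDOCUSESSION\tf3a9c0d1e2b4\n"
    "printserver.example\tFALSE\t/\tFALSE\t0\tlang\ten\n"
)
# Vulnerable behaviour: login succeeded but the session ID is unchanged.
JAR_AFTER_VULNERABLE = JAR_BEFORE
# Fixed behaviour: the server issued a fresh ID on login.
JAR_AFTER_FIXED = JAR_BEFORE.replace("f3a9c0d1e2b4", "7c1d5e9a0b2f")


if __name__ == "__main__":
    print("vulnerable:", unchanged_session_cookies(JAR_BEFORE, JAR_AFTER_VULNERABLE))  # ['DOCUSESSION']
    print("fixed:     ", unchanged_session_cookies(JAR_BEFORE, JAR_AFTER_FIXED))       # []
```

To use it against real captures, read before.txt and after.txt from disk and pass their contents to `unchanged_session_cookies`; an empty result for the real session cookie means the login rotated the ID, a non-empty one means it did not.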