CVE-2025-65415
Session Fixation in docuFORM Managed Print Service Client
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docuform | managed_print_service_client | up to and including 11.11c |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the vendor's fix released in November 2025, which addresses the session fixation vulnerability by ensuring a new session ID is generated after successful authentication.
If patching is not immediately possible, consider implementing additional security controls such as enforcing HTTPS to protect session cookies, using secure and HttpOnly flags on cookies, and monitoring for suspicious session activity.
Additionally, educating users to avoid clicking on suspicious links that might preset session IDs can help reduce risk.
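The fix described in the answer above is the standard defence against session fixation: an authenticated session must never keep the identifier the client presented before login. The following is an added example, not docuFORM code: an in-memory session store with a switch that selects the vulnerable behaviour (the pre-login ID is upgraded to the authenticated session) or the hardened one (a fresh ID is issued on successful login and the old one is discarded), plus a regression check that a test suite can run. The user database, credentials and session-store API are constructed for the example.

```python
"""Session-ID regeneration on login (the fix for session fixation).

Added example, not docuFORM code: an in-memory session store with a
switch that selects the vulnerable behaviour (the pre-login session ID
stays valid and becomes the authenticated session) or the hardened one
(a fresh ID is issued on successful login and the old ID is discarded).
The user database and credentials are constructed sample data.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample credential store; a real service would verify a password hash.
USERS = {"alice": "correct-horse-battery"}


@dataclass
class Session:
    user: Optional[str] = None          # None until authenticated
    data: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    def __init__(self, regenerate_on_login: bool) -> None:
        self._sessions: Dict[str, Session] = {}
        self._regenerate = regenerate_on_login

    def new_session(self) -> str:
        """Issue an anonymous (pre-authentication) session ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def login(self, sid: str, username: str, password: str) -> Optional[str]:
        """Authenticate within session `sid`. Returns the session ID the client
        must use from now on, or None if the credentials are wrong."""
        if USERS.get(username) != password:
            return None
        current = self._sessions.get(sid) or Session()
        if not self._regenerate:
            # Vulnerable: the ID the client presented before login is simply
            # upgraded to an authenticated session. Anyone who knew that ID
            # beforehand now holds the authenticated session too.
            current.user = username
            self._sessions[sid] = current
            return sid
        # Hardened: mint a new ID, carry the pre-login state over to it and
        # drop the old ID so it is worthless to anyone who learned it earlier.
        new_sid = secrets.token_urlsafe(32)
        self._sessions.pop(sid, None)
        self._sessions[new_sid] = Session(user=username, data=current.data)
        return new_sid


def pre_login_id_becomes_authenticated(store: SessionStore) -> bool:
    """Regression check for the fix: obtain a pre-login ID, log in with it,
    then ask whether that same ID now carries an authenticated session.
    True means the store is susceptible to session fixation."""
    pre_sid = store.new_session()
    post_sid = store.login(pre_sid, "alice", "correct-horse-battery")
    if post_sid is None:
        raise RuntimeError("constructed credentials should be accepted")
    sess = store.get(pre_sid)
    return sess is not None and sess.user == "alice"


if __name__ == "__main__":
    for regenerate in (False, True):
        store = SessionStore(regenerate_on_login=regenerate)
        print(f"regenerate_on_login={regenerate}: "
              f"fixation possible={pre_login_id_becomes_authenticated(store)}")
```

The regression check is the part worth keeping in a real code base: it encodes the property "a session ID obtained before authentication must not be valid as an authenticated session afterwards", which is what the vendor fix restores. Note that invalidating the old ID matters as much as issuing a new one; rotating the ID while leaving the old entry alive would still leave the pre-login session usable.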
Can you explain this vulnerability to me?
The vulnerability in docuFORM Managed Print Service Client version 11.11c is a session fixation attack. This occurs because the application fails to generate a new session identifier after a user successfully logs in.
An attacker can exploit this by presetting a session ID and tricking a victim into authenticating with that session ID, allowing the attacker to hijack the victim's authenticated session.
How can this vulnerability impact me?
This vulnerability can allow an attacker to hijack a user's authenticated session, potentially gaining unauthorized access to the user's account and any sensitive information or functionality available within that session.
Such unauthorized access can lead to data breaches, unauthorized actions performed on behalf of the user, and compromise of system integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring session management behavior on the login page of the docuFORM Managed Print Service Client 11.11c application.
Specifically, you should check if the application generates a new session identifier after successful authentication. If the session ID remains the same before and after login, it indicates susceptibility to session fixation.
To detect this, you can use tools like curl or browser developer tools to capture and compare session cookies before and after login.
- Capture cookies before login: `curl -c cookies.txt http://<target>/login`
- Log in and capture cookies after authentication: `curl -b cookies.txt -c cookies_after.txt -d 'username=USER&password=PASS' http://<target>/login`
- Compare the session IDs in cookies.txt and cookies_after.txt to see whether they differ.
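The comparison in the last step can be automated over the two jar files curl writes. The following is an added example, not docuFORM's or curl's code: it parses the Netscape-format cookie jars produced by `curl -c` (cookies.txt and cookies_after.txt from the steps above), reports whether the session cookie's value changed across login, and also reports the Secure and HttpOnly attributes mentioned in the mitigation answer. The session cookie name `SESSIONID`, the host and the cookie values in the sample jars are constructed for the example; the real cookie name has to be read from the application's responses.

```python
"""Compare curl cookie jars from before and after login for session-ID rotation.

Added example, not docuFORM's or curl's code. It parses the Netscape-format
cookie jars that `curl -c` writes (the `cookies.txt` and `cookies_after.txt`
files from the procedure above) and reports whether the session cookie's
value changed across authentication and whether it carries the Secure and
HttpOnly attributes. The session cookie name `SESSIONID`, the host and the
cookie values below are constructed sample data.
"""
from typing import Dict, NamedTuple


class JarCookie(NamedTuple):
    domain: str
    path: str
    secure: bool
    httponly: bool
    value: str


def parse_cookie_jar(text: str) -> Dict[str, JarCookie]:
    """Parse a curl/Netscape cookie jar into {name: JarCookie}.

    Each data line has seven tab-separated fields:
    domain, include-subdomains, path, secure, expiry, name, value.
    curl marks HttpOnly cookies by prefixing the domain with '#HttpOnly_';
    every other line starting with '#' is a comment.
    """
    cookies: Dict[str, JarCookie] = {}
    for line in text.splitlines():
        httponly = line.startswith("#HttpOnly_")
        if httponly:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed line: skip it rather than guess at its layout
        domain, _subdomains, path, secure, _expiry, name, value = fields
        cookies[name] = JarCookie(domain, path, secure == "TRUE", httponly, value)
    return cookies


def check_session_rotation(jar_before: str, jar_after: str, cookie_name: str) -> dict:
    """Return a verdict on session fixation exposure for `cookie_name`.

    Because `curl -b cookies.txt -c cookies_after.txt` preloads the first jar,
    an unchanged value in the second jar means the server never re-issued the
    cookie on login, which is exactly the fixation-prone behaviour.
    """
    before = parse_cookie_jar(jar_before).get(cookie_name)
    after = parse_cookie_jar(jar_after).get(cookie_name)
    if before is None or after is None:
        raise ValueError(f"cookie {cookie_name!r} missing from one of the jars; "
                         "check the cookie name and that both requests succeeded")
    return {
        "cookie": cookie_name,
        "before": before.value,
        "after": after.value,
        "rotated_on_login": before.value != after.value,
        "secure": after.secure,
        "httponly": after.httponly,
    }


# Constructed sample jars: host, cookie name and values are hypothetical.
JAR_BEFORE = (
    "# Netscape HTTP Cookie File\n"
    "#HttpOnly_mps.example.test\tFALSE\t/\tFALSE\t0\tSESSIONID\tpreauth123\n"
)
JAR_AFTER_UNPATCHED = JAR_BEFORE            # login did not re-issue the cookie
JAR_AFTER_PATCHED = (
    "# Netscape HTTP Cookie File\n"
    "#HttpOnly_mps.example.test\tFALSE\t/\tTRUE\t0\tSESSIONID\tpostauth987\n"
)

if __name__ == "__main__":
    for label, jar in (("unpatched", JAR_AFTER_UNPATCHED), ("patched", JAR_AFTER_PATCHED)):
        print(label, check_session_rotation(JAR_BEFORE, jar, "SESSIONID"))
```

Two caveats when running this against a live instance: the comparison only means something if the login request actually succeeded (check the status code and body of the second curl call, for instance with `-i`, before trusting the result), and the cookie name must be the one the application really uses for its session, which `curl -i` on the first request will show in the Set-Cookie header.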