CVE-2025-8517

MEDIUM

givanz Vvveb <1.0.6.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-8517. PoCs published by helloandrewpaul.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of a session fixation vulnerability (CVE-2025-8517) in Vvveb CMS v1.0.6.1, including root cause, attack vectors, and proof-of-concept steps. It highlights the failure to regenerate session IDs upon authentication and the acceptance of arbitrary session IDs.

Description

A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.

Exploits (1)

nomisec WRITEUP
by helloandrewpaul · poc
https://github.com/helloandrewpaul/Session-Fixation-in-Vvveb-CMS-v1.0.6.1

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Vvveb CMS v1.0.6.1
No auth needed
Prerequisites: Access to the victim's browser to set a cookie · Victim must log in after the cookie is set
devstral-2 · analyzed Feb 18, 2026

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.318643
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.318643
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.623135
Exploit, Issue Tracking, Mitigation issue-tracking
https://github.com/givanz/Vvveb/issues/312

Scores

CVSS v3 6.3
EPSS 0.0064
EPSS Percentile 45.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-384
Status published
Products (1)
vvveb/vvveb < 1.0.7
Published Aug 04, 2025
Tracked Since Feb 18, 2026