CVE-2025-11026

A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

CVSS v3 3.5 LOW
CVSS v2.0 4.0 MEDIUM

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1	Exploit
https://vuldb.com/?ctiid.325964	Permissions Required VDB Entry
https://vuldb.com/?id.325964	Third Party Advisory VDB Entry
https://vuldb.com/?submit.657181	Third Party Advisory VDB Entry
https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*

History

08 Oct 2025, 20:22

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:vvveb:vvveb::::::::
First Time		Vvveb Vvveb vvveb
References	~~() https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1 -~~	() https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1 - Exploit
References	~~() https://vuldb.com/?ctiid.325964 -~~	() https://vuldb.com/?ctiid.325964 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.325964 -~~	() https://vuldb.com/?id.325964 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.657181 -~~	() https://vuldb.com/?submit.657181 - Third Party Advisory, VDB Entry

26 Sep 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1 -~~	() https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1 -

26 Sep 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-26 15:16

Updated : 2025-10-08 20:22

NVD link : CVE-2025-11026

Mitre link : CVE-2025-11026

CVE.ORG link : CVE-2025-11026

JSON object : View

Products Affected

vvveb

vvveb

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

NVD-CWE-noinfo

3.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-11026

3.5^/10

4.0^/10

Attach tags to `CVE-2025-11026`