CVE-2025-11027

A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

CVSS v3 2.4 LOW
CVSS v2.0 3.3 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:P/A:N

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec	Exploit
https://vuldb.com/?ctiid.325965	Permissions Required VDB Entry
https://vuldb.com/?id.325965	Third Party Advisory VDB Entry
https://vuldb.com/?submit.657184	Third Party Advisory VDB Entry
https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*

History

07 Oct 2025, 18:56

Type	Values Removed	Values Added
References	~~() https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec -~~	() https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec - Exploit
References	~~() https://vuldb.com/?ctiid.325965 -~~	() https://vuldb.com/?ctiid.325965 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.325965 -~~	() https://vuldb.com/?id.325965 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.657184 -~~	() https://vuldb.com/?submit.657184 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:vvveb:vvveb::::::::
First Time		Vvveb Vvveb vvveb

26 Sep 2025, 18:15

Type	Values Removed	Values Added
References	~~() https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec -~~	() https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec -

26 Sep 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-26 16:15

Updated : 2025-10-07 18:56

NVD link : CVE-2025-11027

Mitre link : CVE-2025-11027

CVE.ORG link : CVE-2025-11027

JSON object : View

Products Affected

vvveb

vvveb

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')

2.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-11027

2.4^/10

3.3^/10

Attach tags to `CVE-2025-11027`