CVE-2025-11029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-11029
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce Exploit
https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 Exploit
https://vuldb.com/?ctiid.325967 Permissions Required VDB Entry
https://vuldb.com/?id.325967 Third Party Advisory VDB Entry
https://vuldb.com/?submit.657188 Third Party Advisory VDB Entry
https://vuldb.com/?submit.657190 Third Party Advisory VDB Entry
https://vuldb.com/?submit.657191 Third Party Advisory VDB Entry
https://vuldb.com/?submit.657192 Third Party Advisory VDB Entry
https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce Exploit
https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*
History

07 Oct 2025, 18:49

Type Values Removed Values Added
First Time Vvveb
Vvveb vvveb
CPE cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*
References () https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce - () https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce - Exploit
References () https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 - () https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 - Exploit
References () https://vuldb.com/?ctiid.325967 - () https://vuldb.com/?ctiid.325967 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.325967 - () https://vuldb.com/?id.325967 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.657188 - () https://vuldb.com/?submit.657188 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.657190 - () https://vuldb.com/?submit.657190 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.657191 - () https://vuldb.com/?submit.657191 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.657192 - () https://vuldb.com/?submit.657192 - Third Party Advisory, VDB Entry

26 Sep 2025, 18:15

Type Values Removed Values Added
References () https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce - () https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce -
References () https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 - () https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423 -

26 Sep 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-26 17:15

Updated : 2025-10-07 18:49

NVD link : CVE-2025-11029

Mitre link : CVE-2025-11029

CVE.ORG link : CVE-2025-11029

JSON object : View

Products Affected

vvveb

  • vvveb
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization