Medium severity6.3NVD Advisory· Published Aug 4, 2025· Updated Apr 29, 2026

CVE-2025-8517

Description

A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.

Affected products

Vvveb/Vvveb
cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*
Range: <1.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/givanz/Vvveb/commit/d4b1e030066417b77d15b4ac505eed5ae7bf2c5envdPatch
github.com/givanz/Vvveb/issues/312nvdExploitIssue TrackingMitigation
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/givanz/Vvveb/issues/312nvdIssue Tracking
github.com/givanz/Vvveb/releases/tag/1.0.7nvdRelease Notes
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000