CVE-2025-11029

Summary

A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (…) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

Affected Software

VendorProductVersion RangeStatus
givanzVvveb1.0.7.0affected
givanzVvveb1.0.7.1affected
givanzVvveb1.0.7.2affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery
  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References