CVE-2025-11029 MEDIUM

CVE-2025-11029: givanz Vvveb cross-site request forgery

Vendor Givanz
Product Vvveb
Weakness CWE-352 · CSRF
Published September 26, 2025
Last update September 26, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

Key dates

02Disclosure timeline

September 26, 2025 CVE published
September 26, 2025 Record updated