Vulnerability Description
A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is identified as f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vvveb | Vvveb | < 1.0.6 |
Related Weaknesses (CWE)
References
- https://github.com/givanz/Vvveb/commit/f684f3e374d04db715730fc4796e102f5ebcacb2Patch
- https://github.com/givanz/Vvveb/releases/tag/1.0.6Release Notes
- https://hkohi.ca/vulnerability/9ExploitThird Party Advisory
- https://vuldb.com/?ctiid.318646Permissions RequiredVDB Entry
- https://vuldb.com/?id.318646Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.624973Third Party AdvisoryVDB Entry
- https://hkohi.ca/vulnerability/9ExploitThird Party Advisory
- https://vuldb.com/?submit.624973Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-8520?
CVE-2025-8520 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor...
How severe is CVE-2025-8520?
CVE-2025-8520 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8520?
Check the references section above for vendor advisories and patch information. Affected products include: Vvveb Vvveb.