Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-8518

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.

Published

2025-08-04T17:15:31.870

Last Modified

2025-08-27T16:22:16.490

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: MULTIPLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.4

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-74
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vvveb	vvveb	1.0.5	Yes

References

https://gist.github.com/0xHamy/f16fb399f8dd3a973acadc18fa07b1cb Product ([email protected])
https://github.com/givanz/Vvveb/commit/f684f3e374d04db715730fc4796e102f5ebcacb2 Patch ([email protected])
https://github.com/givanz/Vvveb/releases/tag/1.0.6 Release Notes ([email protected])
https://hkohi.ca/vulnerability/8 Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.318644 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.318644 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.624971 Third Party Advisory, VDB Entry ([email protected])
https://hkohi.ca/vulnerability/8 Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://vuldb.com/?submit.624971 Third Party Advisory, VDB Entry (134c704f-9b21-4f2e-91b3-4a467353bcc0)