{"id":"CVE-2025-11029","details":"A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: \"I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release.\"","modified":"2026-03-15T22:50:07.484880Z","published":"2025-09-26T17:15:34.027Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.325967"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.657188"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.657190"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.657191"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.657192"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.325967"},{"type":"EVIDENCE","url":"https://gist.github.com/KhanMarshaI/db888b65cfd75bead2035348babfb423"},{"type":"EVIDENCE","url":"https://gist.github.com/KhanMarshaI/165ae8f63ec6b5fdf1f4123252499fce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/givanz/vvveb","events":[{"introduced":"0"},{"last_affected":"1dda8026605a592dc3018bfa12f5a4307014e227"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.7.2"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.7.1","1.0.7.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11029.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}