CVE-2025-11028

Source
https://cve.org/CVERecord?id=CVE-2025-11028
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11028.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11028
Published
2025-09-26T16:02:07.891Z
Modified
2026-07-08T06:27:48.769258226Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
givanz Vvveb Image information disclosure
Details

A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "1.0.7.0"
                },
                {
                    "last_affected": "1.0.7.0"
                },
                {
                    "introduced": "1.0.7.1"
                },
                {
                    "last_affected": "1.0.7.1"
                },
                {
                    "introduced": "1.0.7.2"
                },
                {
                    "last_affected": "1.0.7.2"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11028.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-200",
        "CWE-284"
    ]
}
References

Affected packages

Git / github.com/givanz/vvveb

Affected ranges

Type
GIT
Repo
https://github.com/givanz/vvveb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:vvveb:vvveb:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.7.2"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.7.1
1.0.7.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11028.json"