Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2025-8518

πŸ—“οΈΒ 04 Aug 2025Β 17:02:06Reported byΒ VulDBTypeΒ 
cve
Β cveπŸ”—Β web.nvd.nist.govπŸ‘Β 16Β Views🌐 WEB

Critical code injection vulnerability in givanz Vvveb 1.0.5, patch available in version 1.0.6.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Injection in Vvveb
29 Sep 202516:51
–githubexploit
Circl		CVE-2025-8518
29 Sep 202516:59
–circl
CNNVD		Vvveb 注ε…₯漏洞
4 Aug 202500:00
–cnnvd
Cvelist		CVE-2025-8518 givanz Vvveb Code Editor code.php save code injection
4 Aug 202517:02
–cvelist
EUVD		EUVD-2025-23521
3 Oct 202520:07
–euvd
Metasploit		Remote Code Execution Vulnerability in Vvveb
22 Oct 202518:54
–metasploit
NVD		CVE-2025-8518
4 Aug 202517:15
–nvd
Packet Storm		πŸ“„ Vvveb CMS 1.0.5 Remote Code Execution
22 Oct 202500:00
–packetstorm
Packet Storm		πŸ“„ Vvveb CMS 1.0.5 Insecure Direct Object Reference
10 Mar 202600:00
–packetstorm
Packet Storm		πŸ“„ Vvveb CMS 1.0.5 Command Injection
11 Mar 202600:00
–packetstorm
Rows per page
NVD
Vulners
Node
vvvebvvvebMatch1.0.5
[
  {
    "vendor": "givanz",
    "product": "Vvveb",
    "versions": [
      {
        "version": "1.0.5",
        "status": "affected"
      },
      {
        "version": "1.0.6",
        "status": "unaffected"
      }
    ],
    "modules": [
      "Code Editor"
    ]
  }
]
ParameterPositionPathDescriptionCWE
contentpathadmin/controller/editor/code.phpCode injection via unsanitized Code Editor Save function in admin/controller/editor/code.phpCWE-74,Β CWE-94
payloadpathadmin/controller/editor/code.phpCode injection via unsanitized Code Editor Save function in admin/controller/editor/code.phpCWE-74,Β CWE-94
modulequery paramadmin/?admin&moduleInsecure direct object reference via admin module parameter enabling access to administrative interfacesCWE-74,Β CWE-94

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Apr 2026 01:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 3.14.7 - 7.2
CVSS 45.1
CVSS 25.8
CVSS 34.7
EPSS0.37891
SSVC
CWE-74CWE-94
cve identifiercode injectiongivanz vvvebversion upgradecritical vulnerability
16