CVE-2025-8520

Name of the Vulnerable Software and Affected Versions givanz Vvveb versions up to 1.0.5

Description A critical vulnerability exists in the Drag-and-Drop Editor component of givanz Vvveb. The vulnerability is due to server-side request forgery, which can be triggered by manipulating the url argument in the /vadmin123/?module=editor/editor API endpoint. The attack can be initiated remotely, and the exploit has been publicly disclosed.

Recommendations Upgrade to version 1.0.6.