CVE-2025-8522

Name of the Vulnerable Software and Affected Versions givanz Vvvebjs versions up to 2.0.4

Description A critical vulnerability exists in givanz Vvvebjs up to version 2.0.4. The issue is related to path traversal, stemming from the manipulation of the File argument within an unknown function of the /save.php file of the node.js component. The attack can be launched remotely, but requires a high level of complexity and is considered difficult to exploit. The exploit has been publicly disclosed.

Recommendations givanz Vvvebjs versions prior to 2.0.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.