CVE-2025-56746

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions 5.13 and earlier

Description The software does not regenerate session IDs after successful authentication, which allows for session fixation attacks. An attacker can hijack user sessions by predetermining session identifiers.

Recommendations Update to a version beyond 5.13. At the moment, there is no information about a newer version that contains a fix for this vulnerability.