CVE-2025-12203

MEDIUM 6.3

givanz Vvveb Code Editor functions.php sanitizeFileName path traversal

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This patch is called b0fa7ff74a3539c6d37000db152caad572e4c39b. Applying a patch is advised to resolve this issue.

CWE	CWE-22
Vendor	givanz
Product	vvveb
Published	Oct 27, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for givanz vvveb

Be the first to know when new medium vulnerabilities affecting givanz vvveb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

givanz / Vvveb

1.0.7.0 1.0.7.1 1.0.7.2 1.0.7.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.329873 vuldb.com: https://vuldb.com/?ctiid.329873 vuldb.com: https://vuldb.com/?submit.673159 github.com: https://github.com/givanz/Vvveb/issues/333 github.com: https://github.com/givanz/Vvveb/commit/b0fa7ff74a3539c6d37000db152caad572e4c39b github.com: https://github.com/givanz/Vvveb/

Credits

🔍 Huu1j (VulDB User)