CVE-2025-56746
LOWDescription
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| creativeitem | academy_lms |
References
Frequently Asked Questions
What is CVE-2025-56746? +
How severe is CVE-2025-56746? +
What products are affected by CVE-2025-56746? +
How do I check if I'm vulnerable to CVE-2025-56746? +
Related Vulnerabilities
Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from …
KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same …
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …