CVE-2025-56746
published 2025-10-15

Priority: P4 | 10 | low | 2.2 (CVSS 3.1)
AV:L AC:H PR:L UI:R S:U C:L I:N A:N
EPSS: 0.16% (5.1th percentile)

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creativeitem | academy_lms | <= 5.13 | |
| msrc | azl3_kernel_6.6.57.1-7_on_azure_linux_3.0 | | |
| msrc | azl3_kernel_6.6.64.2-1_on_azure_linux_3.0 | | |
| msrc | cbl2_kernel_5.15.173.1-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_kernel_5.15.176.3-1_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 2.2 LOW, CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
vendor_msrc: 3.3 LOW