Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers.

Published: Oct 15, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-56746
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.2
AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
creativeitem / academy_lms	-	5.13.x

https://suryadina.com/academy-lms-session-fixation-1t8v5n3q6h/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo