Session Fixation Vulnerability in Creativeitem Academy LMS by Creativeitem
CVE-2025-56746

2.2LOW

Key Information:

Vendor: Creativeitem
Status: Creativeitem Academy LMS
Vendor: CVE Published:; 15 October 2025

🔔 Create Creativeitem Vulnerability Alert

What is CVE-2025-56746?

The Creativeitem Academy LMS, up to version 5.13, contains a vulnerability that fails to regenerate session IDs post-authentication. This oversight allows attackers to exploit session fixation vulnerabilities, potentially permitting them to hijack legitimate user sessions by predicting or controlling session identifiers. As a result, users may unknowingly provide unauthorized access to their accounts, compromising sensitive data and user privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://suryadina.com/academy-lms-session-fixation-1t8v5n...

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Aug 17, 2025

JSON

Creativeitem

What is CVE-2025-56746?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.