Session Fixation Vulnerability in Creativeitem Academy LMS by Creativeitem
CVE-2025-56746
2.2LOW
What is CVE-2025-56746?
The Creativeitem Academy LMS, up to version 5.13, contains a vulnerability that fails to regenerate session IDs post-authentication. This oversight allows attackers to exploit session fixation vulnerabilities, potentially permitting them to hijack legitimate user sessions by predicting or controlling session identifiers. As a result, users may unknowingly provide unauthorized access to their accounts, compromising sensitive data and user privacy.