Client-Side Security Enforcement Vulnerability in LitmusChaos by Chaos Engineering
CVE-2025-8792

5.3MEDIUM

Key Information:

Vendor

Litmuschaos

Status
Litmus
Vendor
CVE Published:
10 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8792?

A vulnerability has been identified in LitmusChaos, specifically affecting versions up to 3.19.0. This issue involves a critical concern where enforcement of server-side security can be manipulated on the client side. This manipulation process allows for potential remote attacks, enabling an adversary to exploit the vulnerability without needing direct access. Despite attempts to inform the vendor about the disclosed exploit, there has been no response, thus increasing risks for users and organizations relying on LitmusChaos.

Affected Version(s)

Litmus 3.0

Litmus 3.1

Litmus 3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8792 - Proof of Concept

References

https://vuldb.com/?id.319320
vdb-entry
https://vuldb.com/?ctiid.319320
signaturepermissions-required
https://vuldb.com/?submit.625952
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

maique (VulDB User)
.
CVE-2025-8792 : Client-Side Security Enforcement Vulnerability in LitmusChaos by Chaos Engineering