Skip to main content

docuFORM Managed Print Service Client CVE-2025-65415

| EUVDEUVD-2025-209774 MEDIUM
Session Fixation (CWE-384)
2026-05-11 mitre GHSA-m2fh-h99m-5gh4
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 20:39 vuln.today
CVSS changed
May 11, 2026 - 20:37 NVD
5.4 (MEDIUM)
CVE Published
May 11, 2026 - 00:00 nvd
MEDIUM 5.4
CVE Published
May 11, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.

AnalysisAI

Session fixation vulnerability in docuFORM Managed Print Service Client 11.11c allows unauthenticated remote attackers to hijack user sessions via the login page, enabling unauthorized access to application functions and potential disclosure of sensitive print job data. The vulnerability requires user interaction (clicking a malicious link) and affects confidentiality and integrity with a CVSS score of 5.4. No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

The vulnerability is a session fixation attack (CWE-384) occurring at the application's authentication layer. Session fixation exploits occur when an application fails to invalidate and regenerate session identifiers upon successful user authentication. An attacker can pre-establish a known session ID, trick a user into authenticating with that session, and then reuse the same session ID to impersonate the authenticated user. In this case, the flaw exists in the login page of docuFORM's Managed Print Service Client, a print management application. The attack vector is network-based and does not require authentication or special privileges from the attacker, but does require user interaction (UI:R), indicating the victim must be socially engineered or tricked into accessing a malicious link or form that fixes the session identifier.

RemediationAI

Contact docuFORM support at docuform.de to determine if a patched version of the Managed Print Service Client is available, as no specific patch version is confirmed in the available source data. If a patch has not been released, implement immediate compensating controls: enforce HTTPS-only communication for all login sessions to prevent session ID interception in transit; configure browsers and proxies to enforce secure session cookie attributes (Secure, HttpOnly, SameSite=Strict) to limit attacker ability to inject or steal session tokens; educate users not to click suspicious links that pre-establish session parameters and to always log in directly by typing the application URL; and implement server-side session validation requiring users to re-authenticate when accessing sensitive print job functions. Monitor for suspicious session activity, such as multiple login attempts from different IP addresses using the same session ID. If the vendor publishes an update, upgrade to the patched version immediately and regenerate all active sessions upon deployment.

CVE-2017-12965 CRITICAL POC
9.8 Aug 23

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID pa

CVE-2025-28242 CRITICAL POC
9.8 Apr 18

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session

CVE-2022-40916 CRITICAL POC
9.8 Feb 06

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2025-45949 CRITICAL POC
9.8 Apr 28

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /login

CVE-2023-48929 CRITICAL POC
9.8 Dec 08

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. Rated criti

CVE-2023-41012 CRITICAL POC
9.8 Sep 05

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to exe

CVE-2023-31498 CRITICAL POC
9.8 May 11

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to ex

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2021-39290 CRITICAL POC
9.8 Aug 23

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. Rated critical severity (CVSS 9.8), this vulnera

CVE-2020-11729 CRITICAL POC
9.8 Apr 15

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this v

CVE-2019-18418 CRITICAL POC
9.8 Oct 24

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be

CVE-2018-18925 CRITICAL POC
9.8 Nov 04

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s

Share

CVE-2025-65415 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy