CVE-2025-8792
Published: 10 August 2025
Summary
CVE-2025-8792 is a low-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in LitmusChaos Litmus. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Masquerade Account Name (T1036.010). It is ranked at the 46.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24074
Vulnerability details
A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. The affected function is unknown. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The validation of special characters (e.g., !@#$%¨&*) in user profile display names is enforced only on the client side and can be bypassed by a crafted request. This facilitates T1036.010 Masquerade Account Name, since an adversary can set a deceptive display name that the browser-side check would have rejected.
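As an added example (not code from the Litmus project or from this advisory), the Go function below shows the server-side counterpart that CWE-602 calls for: the same character policy the page says is only checked in the browser, applied on every profile-update request. The rejected character set is taken from the page; the length limit, the printable-rune rule and the sample inputs are assumptions constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Characters the advisory says the browser-side check rejects; the length limit
// and printable-rune rule are assumptions made for this example.
const disallowedChars = "!@#$%¨&*"
const maxNameRunes = 64
var (
	ErrEmptyName      = errors.New("display name must not be empty")
	ErrNameTooLong    = errors.New("display name exceeds 64 characters")
	ErrDisallowedChar = errors.New("display name contains a disallowed character")
	ErrNonPrintable   = errors.New("display name contains a non-printable character")
)

// ValidateDisplayName is the server-side counterpart of the browser check. It runs
// on every profile-update request, so a client that skips its own check gains nothing.
func ValidateDisplayName(name string) error {
	name = strings.TrimSpace(name)
	if name == "" {
		return ErrEmptyName
	}
	if utf8.RuneCountInString(name) > maxNameRunes {
		return ErrNameTooLong
	}
	for _, r := range name {
		if strings.ContainsRune(disallowedChars, r) {
			return ErrDisallowedChar
		}
		// Reject control/format runes (e.g. zero-width) that let one name mimic another.
		if !unicode.IsPrint(r) {
			return ErrNonPrintable
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs: a valid name, one containing '@', one with U+200B.
	for _, n := range []string{"Alice Smith", "admin@litmus", "Ali\u200bce"} {
		fmt.Printf("%q -> %v\n", n, ValidateDisplayName(n))
	}
}
```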
Mitigating Controls
No mitigating controls mapped yet.