{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-11959", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-10-20T12:32:42.580Z", "datePublished": "2025-11-11T14:11:50.111Z", "dateUpdated": "2026-06-04T19:23:05.823Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-04T19:23:05.823Z" }, "title": "Improper Access Control in Premierturk's Excavation Management Information System", "datePublic": "2025-11-11T14:02:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "type": "CWE" } ] }, { "descriptions": [ { "lang": "en", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-169", "descriptions": [ { "lang": "en", "value": "CAPEC-169 Footprinting" } ] }, { "capecId": "CAPEC-212", "descriptions": [ { "lang": "en", "value": "CAPEC-212 Functionality Misuse" } ] } ], "affected": [ { "vendor": "Premierturk Information Technologies Inc.", "product": "Excavation Management Information System", "versions": [ { "status": "affected", "version": "0", "lessThan": "v.10.2025.01", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.\n\nThis issue affects Excavation Management Information System: before v.10.2025.01.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.

This issue affects Excavation Management Information System: before v.10.2025.01.

" } ] } ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-25-0388", "tags": [ "government-resource", "broken-link" ] }, { "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0388", "tags": [ "government-resource" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } } ], "credits": [ { "lang": "en", "value": "İbrahim YİĞİTSOY", "type": "finder" } ], "source": { "defect": [ "TR-25-0388" ], "advisory": "TR-25-0388", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.5.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-11-12T14:54:23.229380Z", "id": "CVE-2025-11959", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T20:03:06.612Z" } } ] } }