{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-2311", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-03-14T13:25:01.277Z", "datePublished": "2025-03-20T11:55:51.628Z", "dateUpdated": "2026-06-06T06:14:52.819Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-06T06:14:52.819Z" }, "title": "Authentication Bypass in Sechard Information Technologies' SecHard", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-648", "description": "CWE-648 Incorrect Use of Privileged APIs", "type": "CWE" } ] }, { "descriptions": [ { "lang": "en", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "type": "CWE" } ] }, { "descriptions": [ { "lang": "en", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] }, { "capecId": "CAPEC-113", "descriptions": [ { "lang": "en", "value": "CAPEC-113 Interface Manipulation" } ] }, { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114 Authentication Abuse" } ] }, { "capecId": "CAPEC-383", "descriptions": [ { "lang": "en", "value": "CAPEC-383 Harvesting Information via API Event Monitoring" } ] } ], "affected": [ { "vendor": "Sechard Information Technologies", "product": "SecHard", "versions": [ { "status": "affected", "version": "0", "lessThan": "3.3.0.20220411", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.\n\nThis issue affects SecHard: before 3.3.0.20220411.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.
This issue affects SecHard: before 3.3.0.20220411.
" } ] } ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-25-0074", "tags": [ "government-resource", "broken-link" ] }, { "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0074", "tags": [ "government-resource" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } } ], "credits": [ { "lang": "en", "value": "Berat Ugur DEMIRKAN", "type": "finder" }, { "lang": "en", "value": "BG-TEK Cyber Security", "type": "sponsor" } ], "source": { "defect": [ "TR-25-0074" ], "advisory": "TR-25-0074", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-03-20T13:01:52.171386Z", "id": "CVE-2025-2311", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T13:05:28.736Z" } } ] } }