{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-8887", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-08-12T08:55:17.112Z", "datePublished": "2025-10-10T13:56:07.123Z", "dateUpdated": "2026-06-05T11:16:31.022Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-05T11:16:31.022Z" }, "title": "IDOR in Usta Information Systems' Aybs Interaktif", "datePublic": "2025-10-10T13:55:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "type": "CWE" } ] }, { "descriptions": [ { "lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE" } ] }, { "descriptions": [ { "lang": "en", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-87", "descriptions": [ { "lang": "en", "value": "CAPEC-87 Forceful Browsing" } ] }, { "capecId": "CAPEC-137", "descriptions": [ { "lang": "en", "value": "CAPEC-137 Parameter Injection" } ] }, { "capecId": "CAPEC-153", "descriptions": [ { "lang": "en", "value": "CAPEC-153 Input Data Manipulation" } ] } ], "affected": [ { "vendor": "Usta Information Systems Inc.", "product": "Aybs Interaktif", "versions": [ { "status": "affected", "version": "2024", "lessThanOrEqual": "28082025", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.\n\nThis issue affects Aybs Interaktif: from 2024 through 28082025.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.
This issue affects Aybs Interaktif: from 2024 through 28082025.
" } ] } ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-25-0329", "tags": [ "government-resource", "broken-link" ] }, { "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0329", "tags": [ "government-resource" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" } } ], "credits": [ { "lang": "en", "value": "Can Nesimi ARI", "type": "finder" } ], "source": { "defect": [ "TR-25-0329" ], "advisory": "TR-25-0329", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-10-10T19:11:51.020148Z", "id": "CVE-2025-8887", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T19:12:02.062Z" } } ] } }