CVE-2025-0642

Published: Oct 2, 2025Modified: Oct 2, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Exploitability: 2.1 / Impact: 4.2

Source: iletisim@usom.gov.tr (Secondary)

Description

Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://www.usom.gov.tr/bildirim/tr-25-0309

Source: iletisim@usom.gov.tr

Timeline

No history available yet.