← Back

CVE-2025-14349

nvd nist
Published: Feb 13, 2026Modified: Jun 4, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: iletisim@usom.gov.tr (Secondary)

Description

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Affected (1)

Products: Uni Yaz: Flexcity
Uni Yaz
1 product
Flexcity
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Flexcity
From 1.0 to 1.0.36

Related CWEs

CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

Source: iletisim@usom.gov.tr
Source: iletisim@usom.gov.tr
Third Party Advisory

Timeline

No history available yet.