CVE-2025-2311

Published: Mar 20, 2025Modified: Jun 6, 2026Deferred

9.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: iletisim@usom.gov.tr (Secondary)

Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (2)

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0074

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-25-0074

Source: iletisim@usom.gov.tr

Timeline

No history available yet.