CVE-2025-4378

Published: Jun 24, 2025Modified: Jun 5, 2026Deferred

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Exploitability: 3.9 / Impact: 6.0

Source: iletisim@usom.gov.tr (Secondary)

Description

Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0135

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-25-0135

Source: iletisim@usom.gov.tr

Timeline

No history available yet.