CVE-2025-8532

Published: Sep 19, 2025Modified: Sep 30, 2025

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N

Exploitability: 1.1 / Impact: 4.7

Source: iletisim@usom.gov.tr (Secondary)

Description

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing.This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://www.usom.gov.tr/bildirim/tr-25-0280

Source: iletisim@usom.gov.tr

Timeline

No history available yet.