CVE-2025-8887

Published: Oct 10, 2025Modified: Jun 5, 2026Deferred

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 1.8 / Impact: 4.2

Source: iletisim@usom.gov.tr (Secondary)

Description

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs Interaktif: from 2024 through 28082025.

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0329

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-25-0329

Source: iletisim@usom.gov.tr

Timeline

No history available yet.