CVE-2025-1029 - Vulnerability Details - OpenCVE

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0466

History

Thu, 18 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 18 Dec 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.
Title		Hardcoded Credentials in Utarit Informatics' SoliClub
Weaknesses		CWE-798
References		https://www.usom.gov.tr/bildirim/tr-25-0466
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-12-18T14:16:22.136Z

Updated: 2025-12-18T15:33:10.709Z

Reserved: 2025-02-04T14:41:36.218Z

Link: CVE-2025-1029

Vulnrichment

Updated: 2025-12-18T15:31:00.598Z

NVD

Status : Received

Published: 2025-12-18T15:15:53.373

Modified: 2025-12-18T15:15:53.373

Link: CVE-2025-1029

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1029", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-02-04T14:41:36.218Z", "datePublished": "2025-12-18T14:16:22.136Z", "dateUpdated": "2025-12-18T15:33:10.709Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SoliClub", "vendor": "Utarit Information Services Inc.", "versions": [{"lessThan": "5.3.7", "status": "affected", "version": "5.2.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mustafa An\u0131l YILDIRIM"}], "datePublic": "2025-12-18T14:13:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.<p>This issue affects SoliClub: from 5.2.4 before 5.3.7.</p>"}], "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7."}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191 Read Sensitive Constants Within an Executable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-18T14:16:22.136Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"}], "source": {"advisory": "TR-25-0466", "defect": ["TR-25-0466"], "discovery": "UNKNOWN"}, "title": "Hardcoded Credentials in Utarit Informatics' SoliClub", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T15:30:59.536160Z", "id": "CVE-2025-1029", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:33:10.709Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T15:30:59.536160Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:31:00.598Z"}}], "cna": {"title": "Hardcoded Credentials in Utarit Informatics' SoliClub", "source": {"defect": ["TR-25-0466"], "advisory": "TR-25-0466", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mustafa An\u0131l YILDIRIM"}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191 Read Sensitive Constants Within an Executable"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Utarit Information Services Inc.", "product": "SoliClub", "versions": [{"status": "affected", "version": "5.2.4", "lessThan": "5.3.7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-18T14:13:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.", "supportingMedia": [{"type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.<p>This issue affects SoliClub: from 5.2.4 before 5.3.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-18T14:16:22.136Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1029", "state": "PUBLISHED", "dateUpdated": "2025-12-18T15:33:10.709Z", "dateReserved": "2025-02-04T14:41:36.218Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-12-18T14:16:22.136Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}