CVE-2025-8886 - Vulnerability Details - OpenCVE

Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.This issue affects Aybs Interaktif: from 2024 through 28082025.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0329

History

Fri, 10 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.This issue affects Aybs Interaktif: from 2024 through 28082025.
Title		Authorization Bypass in Usta Information Systems' Aybs Interaktif
Weaknesses		CWE-200 CWE-732 CWE-862 CWE-863
References		https://www.usom.gov.tr/bildirim/tr-25-0329
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-10-10T13:48:28.078Z

Updated: 2025-10-10T13:48:28.078Z

Reserved: 2025-08-12T08:54:55.498Z

Link: CVE-2025-8886

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-10T14:15:43.860

Modified: 2025-10-10T14:15:43.860

Link: CVE-2025-8886

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8886", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-08-12T08:54:55.498Z", "datePublished": "2025-10-10T13:48:28.078Z", "dateUpdated": "2025-10-10T13:48:28.078Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aybs Interaktif", "vendor": "Usta Information Systems Inc.", "versions": [{"lessThanOrEqual": "28082025", "status": "affected", "version": "2024", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Can Nesimi ARI"}], "datePublic": "2025-10-10T13:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.<p>This issue affects Aybs Interaktif: from 2024 through 28082025.</p>"}], "value": "Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.This issue affects Aybs Interaktif: from 2024 through 28082025."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-10T13:48:28.078Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0329"}], "source": {"advisory": "TR-25-0329", "defect": ["TR-25-0329"], "discovery": "UNKNOWN"}, "title": "Authorization Bypass in Usta Information Systems' Aybs Interaktif", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}