CVE-2025-8887 - Vulnerability Details - OpenCVE

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs Interaktif: from 2024 through 28082025.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0329

History

Fri, 10 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs Interaktif: from 2024 through 28082025.
Title		IDOR in Usta Information Systems' Aybs Interaktif
Weaknesses		CWE-200 CWE-639 CWE-862
References		https://www.usom.gov.tr/bildirim/tr-25-0329
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-10-10T13:56:07.123Z

Updated: 2025-10-10T13:56:16.843Z

Reserved: 2025-08-12T08:55:17.112Z

Link: CVE-2025-8887

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-10T14:15:44.043

Modified: 2025-10-10T14:15:44.043

Link: CVE-2025-8887

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8887", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-08-12T08:55:17.112Z", "datePublished": "2025-10-10T13:56:07.123Z", "dateUpdated": "2025-10-10T13:56:16.843Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aybs Interaktif", "vendor": "Usta Information Systems Inc.", "versions": [{"lessThanOrEqual": "28082025", "status": "affected", "version": "2024", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Can Nesimi ARI"}], "datePublic": "2025-10-10T13:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.<p>This issue affects Aybs Interaktif: from 2024 through 28082025.</p>"}], "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs Interaktif: from 2024 through 28082025."}], "impacts": [{"capecId": "CAPEC-87", "descriptions": [{"lang": "en", "value": "CAPEC-87 Forceful Browsing"}]}, {"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}, {"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-10T13:56:16.843Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0329"}], "source": {"advisory": "TR-25-0329", "defect": ["TR-25-0329"], "discovery": "UNKNOWN"}, "title": "IDOR in Usta Information Systems' Aybs Interaktif", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}