CVE-2025-9062
CVE-2025-9062
7.3
HighPublished:
Last updated:
Source:iletisim@usom.gov.tr
Deferred
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.
References
iletisim@usom.gov.tr
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0076iletisim@usom.gov.tr
https://www.usom.gov.tr/bildirim/tr-26-0076