CVE-2025-2311

{"id": "CVE-2025-2311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2025-03-20T12:15:14.750", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0074", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-648"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411."}, {"lang": "es", "value": "Vulnerabilidad de uso incorrecto de API privilegiadas, transmisi\u00f3n de texto sin cifrar de informaci\u00f3n confidencial y credenciales insuficientemente protegidas en Sechard Information Technologies SecHard permite la omisi\u00f3n de la autenticaci\u00f3n, la manipulaci\u00f3n de la interfaz, el abuso de la autenticaci\u00f3n y la recopilaci\u00f3n de informaci\u00f3n mediante la supervisi\u00f3n de eventos de API. Este problema afecta a SecHard: antes de 3.3.0.20220411."}], "lastModified": "2025-03-21T07:15:36.820", "sourceIdentifier": "[email protected]"}