Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Sensaway by Birtech Information Technologies Industry and Trade Ltd. Co.

    CVE-2025-10465 (GCVE-0-2025-10465)

    Vulnerability from nvd – Published: 2026-02-09 12:57 – Updated: 2026-06-05 08:42
    VLAI
    Title
    Unrestricted File Upload in Birtech Information Technologies' Sensaway
    Summary
    Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Date Public
    2026-02-09 12:50
    Credits
    Abdüssamed GÜZEY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:38:07.395943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:38:23.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Sensaway",
              "vendor": "Birtech Information Technologies Industry and Trade Ltd. Co.",
              "versions": [
                {
                  "lessThanOrEqual": "09022026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abd\u00fcssamed G\u00dcZEY"
            }
          ],
          "datePublic": "2026-02-09T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects Sensaway: through 09022026. NOTE:\u0026nbsp;Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.\n\nThis issue affects Sensaway: through 09022026. NOTE:\u00a0Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T08:42:37.061Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0022"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0022"
            }
          ],
          "source": {
            "advisory": "TR-26-0022",
            "defect": [
              "TR-26-0022"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted File Upload in Birtech Information Technologies\u0027 Sensaway",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-10465",
        "datePublished": "2026-02-09T12:57:37.050Z",
        "dateReserved": "2025-09-15T07:21:57.701Z",
        "dateUpdated": "2026-06-05T08:42:37.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10465 (GCVE-0-2025-10465)

    Vulnerability from cvelistv5 – Published: 2026-02-09 12:57 – Updated: 2026-06-05 08:42
    VLAI
    Title
    Unrestricted File Upload in Birtech Information Technologies' Sensaway
    Summary
    Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Date Public
    2026-02-09 12:50
    Credits
    Abdüssamed GÜZEY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:38:07.395943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:38:23.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Sensaway",
              "vendor": "Birtech Information Technologies Industry and Trade Ltd. Co.",
              "versions": [
                {
                  "lessThanOrEqual": "09022026",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abd\u00fcssamed G\u00dcZEY"
            }
          ],
          "datePublic": "2026-02-09T12:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.\u003cp\u003eThis issue affects Sensaway: through 09022026. NOTE:\u0026nbsp;Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.\n\nThis issue affects Sensaway: through 09022026. NOTE:\u00a0Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T08:42:37.061Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0022"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0022"
            }
          ],
          "source": {
            "advisory": "TR-26-0022",
            "defect": [
              "TR-26-0022"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted File Upload in Birtech Information Technologies\u0027 Sensaway",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-10465",
        "datePublished": "2026-02-09T12:57:37.050Z",
        "dateReserved": "2025-09-15T07:21:57.701Z",
        "dateUpdated": "2026-06-05T08:42:37.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }