Search criteria

1 vulnerability by Vimesoft Information Technologies and Software Inc.

CVE-2025-11025 (GCVE-0-2025-11025)

Vulnerability from cvelistv5 – Published: 2025-09-26 12:40 – Updated: 2025-09-26 13:39
VLAI
Title
Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.
Severity
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE
  • CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
Date Public
2025-09-26 12:34
Credits
Berat AKŞİT Sencer KILIÇ Berat AKŞİT
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T13:39:06.180229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T13:39:22.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vimesoft Corporate Messaging Platform",
          "vendor": "Vimesoft Information Technologies and Software Inc.",
          "versions": [
            {
              "lessThan": "V2.0.0",
              "status": "affected",
              "version": "V1.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Berat AK\u015e\u0130T"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sencer KILI\u00c7"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Berat AK\u015e\u0130T"
        }
      ],
      "datePublic": "2025-09-26T12:34:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T12:43:09.756Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "url": "https://www.usom.gov.tr/bildirim/tr-25-0300"
        }
      ],
      "source": {
        "advisory": "TR-25-0300",
        "defect": [
          "TR-25-0300"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure in Vimeosoft Information Technologies\u0027 Vimesoft Corporate Messaging Platform",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2025-11025",
    "datePublished": "2025-09-26T12:40:31.008Z",
    "dateReserved": "2025-09-26T08:09:24.845Z",
    "dateUpdated": "2025-09-26T13:39:22.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}