Search

Find a vulnerability

Search criteria

    2 vulnerabilities by Vimesoft Information Technologies and Software Inc.

    CVE-2025-11025 (GCVE-0-2025-11025)

    Vulnerability from nvd – Published: 2025-09-26 12:40 – Updated: 2026-06-04 19:46
    VLAI
    Title
    Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform
    Summary
    Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    Impacted products
    Date Public
    2025-09-26 12:34
    Credits
    Berat AKŞİT Sencer KILIÇ Berat AKŞİT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T13:39:06.180229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T13:39:22.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vimesoft Corporate Messaging Platform",
              "vendor": "Vimesoft Information Technologies and Software Inc.",
              "versions": [
                {
                  "lessThan": "V2.0.0",
                  "status": "affected",
                  "version": "V1.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Berat AK\u015e\u0130T"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sencer KILI\u00c7"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Berat AK\u015e\u0130T"
            }
          ],
          "datePublic": "2025-09-26T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.\u003c/p\u003e"
                }
              ],
              "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T19:46:20.740Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0300"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0300"
            }
          ],
          "source": {
            "advisory": "TR-25-0300",
            "defect": [
              "TR-25-0300"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure in Vimeosoft Information Technologies\u0027 Vimesoft Corporate Messaging Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-11025",
        "datePublished": "2025-09-26T12:40:31.008Z",
        "dateReserved": "2025-09-26T08:09:24.845Z",
        "dateUpdated": "2026-06-04T19:46:20.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11025 (GCVE-0-2025-11025)

    Vulnerability from cvelistv5 – Published: 2025-09-26 12:40 – Updated: 2026-06-04 19:46
    VLAI
    Title
    Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform
    Summary
    Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    Impacted products
    Date Public
    2025-09-26 12:34
    Credits
    Berat AKŞİT Sencer KILIÇ Berat AKŞİT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-26T13:39:06.180229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-26T13:39:22.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vimesoft Corporate Messaging Platform",
              "vendor": "Vimesoft Information Technologies and Software Inc.",
              "versions": [
                {
                  "lessThan": "V2.0.0",
                  "status": "affected",
                  "version": "V1.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Berat AK\u015e\u0130T"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sencer KILI\u00c7"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Berat AK\u015e\u0130T"
            }
          ],
          "datePublic": "2025-09-26T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.\u003c/p\u003e"
                }
              ],
              "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T19:46:20.740Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0300"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0300"
            }
          ],
          "source": {
            "advisory": "TR-25-0300",
            "defect": [
              "TR-25-0300"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure in Vimeosoft Information Technologies\u0027 Vimesoft Corporate Messaging Platform",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-11025",
        "datePublished": "2025-09-26T12:40:31.008Z",
        "dateReserved": "2025-09-26T08:09:24.845Z",
        "dateUpdated": "2026-06-04T19:46:20.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }