CVE-2025-7708 (GCVE-0-2025-7708)
Vulnerability from cvelistv5 – Published: 2026-02-09 11:45 – Updated: 2026-03-25 14:13
VLAI
Title
Sensitive Data Exposure in Atlas Software's k12net
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.8 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlas Educational Software Industry Ltd. Co. | k12net |
Affected:
0 , ≤ 09022026
(custom)
|
Date Public
2026-02-09 11:34
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T12:58:31.244383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T13:00:37.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "k12net",
"vendor": "Atlas Educational Software Industry Ltd. Co.",
"versions": [
{
"lessThanOrEqual": "09022026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u015eahnur Eren ALO\u011eLU"
}
],
"datePublic": "2026-02-09T11:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.\u003cp\u003eThis issue affects k12net: through 09022026.\u0026nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:13:51.408Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-26-0021"
}
],
"source": {
"advisory": "TR-26-0021",
"defect": [
"TR-26-0021"
],
"discovery": "UNKNOWN"
},
"title": "Sensitive Data Exposure in Atlas Software\u0027s k12net",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7708",
"datePublished": "2026-02-09T11:45:44.221Z",
"dateReserved": "2025-07-16T12:50:54.012Z",
"dateUpdated": "2026-03-25T14:13:51.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-7708",
"date": "2026-05-30",
"epss": "0.00019",
"percentile": "0.05479"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-7708\",\"sourceIdentifier\":\"iletisim@usom.gov.tr\",\"published\":\"2026-02-09T12:15:57.443\",\"lastModified\":\"2026-02-09T16:08:35.290\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-201\"}]}],\"references\":[{\"url\":\"https://www.usom.gov.tr/bildirim/tr-26-0021\",\"source\":\"iletisim@usom.gov.tr\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7708\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-09T12:58:31.244383Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-09T13:00:30.165Z\"}}], \"cna\": {\"title\": \"Sensitive Data Exposure in Atlas Software\u0027s k12net\", \"source\": {\"defect\": [\"TR-26-0021\"], \"advisory\": \"TR-26-0021\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"\\u015eahnur Eren ALO\\u011eLU\"}], \"impacts\": [{\"capecId\": \"CAPEC-216\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-216 Communication Channel Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Atlas Educational Software Industry Ltd. Co.\", \"product\": \"k12net\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"09022026\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-02-09T11:34:00.000Z\", \"references\": [{\"url\": \"https://www.usom.gov.tr/bildirim/tr-26-0021\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026.\\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.\u003cp\u003eThis issue affects k12net: through 09022026.\u0026nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-201\", \"description\": \"CWE-201 Insertion of Sensitive Information Into Sent Data\"}]}], \"providerMetadata\": {\"orgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"shortName\": \"TR-CERT\", \"dateUpdated\": \"2026-02-09T11:45:44.221Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-7708\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-09T13:00:37.479Z\", \"dateReserved\": \"2025-07-16T12:50:54.012Z\", \"assignerOrgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"datePublished\": \"2026-02-09T11:45:44.221Z\", \"assignerShortName\": \"TR-CERT\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…