github - ghsa-3grp-7h7h-xcr6

ghsa-3grp-7h7h-xcr6

Vulnerability from github

Published

2025-09-19 15:31

Modified

2025-09-30 15:30

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N

Details

Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, – Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows – Exploitation of Trusted Identifiers, – Exploitation of Authorization, – Variable Manipulation.This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-8532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T15:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, \u2013 Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows \u2013 Exploitation of Trusted Identifiers, \u2013 Exploitation of Authorization, \u2013 Variable Manipulation.This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.",
  "id": "GHSA-3grp-7h7h-xcr6",
  "modified": "2025-09-30T15:30:28Z",
  "published": "2025-09-19T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8532"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-25-0280"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2025-8532

Vulnerability from cvelistv5

Published

2025-09-19 14:12

Modified

2025-09-30 13:18

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N

Summary

IDOR in Bimser's eBA Document and Workflow Management System

References

▼	URL	Tags
	https://www.usom.gov.tr/bildirim/tr-25-0280

Impacted products

▼	Vendor	Product
	Bimser Solution Software Trade Inc.	eBA Document and Workflow Management System

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T14:27:14.015299Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T14:27:47.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "eBA Document and Workflow Management System",
          "vendor": "Bimser Solution Software Trade Inc.",
          "versions": [
            {
              "lessThan": "6.7.166",
              "status": "affected",
              "version": "6.7.164",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Aysun EY\u0130Z"
        }
      ],
      "datePublic": "2025-09-19T14:11:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing.\u003cp\u003eThis issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing.This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87 Forceful Browsing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T13:18:19.705Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "url": "https://www.usom.gov.tr/bildirim/tr-25-0280"
        }
      ],
      "source": {
        "advisory": "TR-25-0280",
        "defect": [
          "TR-25-0280"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "IDOR in Bimser\u0027s eBA Document and Workflow Management System",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2025-8532",
    "datePublished": "2025-09-19T14:12:21.442Z",
    "dateReserved": "2025-08-04T08:48:32.568Z",
    "dateUpdated": "2025-09-30T13:18:19.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.