CVE-2025-5260
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-20
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pik_online_yazilim_cozumleri | pik_online | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in Pik Online, a product of Pik Online Yazılım Çözümleri A.Ş., affecting software versions before 3.1.5. SSRF allows an attacker to make the server perform unauthorized requests to internal or external resources, potentially accessing sensitive information or services that are not directly exposed.
How can this vulnerability impact me?
The SSRF vulnerability can impact you by allowing attackers to access internal systems or data that should be protected, potentially leading to data exposure, partial system compromise, or disruption of services. The CVSS score indicates a high severity with potential high confidentiality impact, low integrity impact, and low availability impact.