CVE-2025-0546
Deferred - Pending Action
BaseFortify

Publication date: 2025-09-17

Last updated on: 2026-06-06

Assigner: Computer Emergency Response Team of the Republic of Turkey

Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.
Meta Information
Published: 2025-09-17
Last Modified: 2026-06-06
Generated: 2026-06-16
AI Q&A: 2025-09-17
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: mevzuattr
Product: mevzuattrtr
Version / Range: *
CWE ID: Description
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-1021: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Executive Summary

This vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), combined with Improper Restriction of Rendered UI Layers or Frames in the Mevzuattr Software MevzuatTR. It allows attackers with high privileges to perform phishing, iFrame overlay, clickjacking, and forceful browsing attacks by exploiting how the software handles input and UI rendering.

Impact Analysis

If exploited, this vulnerability can lead to phishing attacks, where users may be tricked into revealing sensitive information. It can also enable iFrame overlay and clickjacking attacks, potentially causing users to unknowingly perform actions or disclose data. Additionally, forceful browsing may allow unauthorized access to restricted areas. Overall, it can compromise confidentiality, integrity, and availability of the system.
