CVE-2025-0546
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mevzuattr | mevzuattrtr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1021 | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), combined with Improper Restriction of Rendered UI Layers or Frames in the Mevzuattr Software MevzuatTR. It allows attackers with high privileges to perform phishing, iFrame overlay, clickjacking, and forceful browsing attacks by exploiting how the software handles input and UI rendering.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to phishing attacks, where users may be tricked into revealing sensitive information. It can also enable iFrame overlay and clickjacking attacks, potentially causing users to unknowingly perform actions or disclose data. Additionally, forceful browsing may allow unauthorized access to restricted areas. Overall, it can compromise confidentiality, integrity, and availability of the system.