CVE-2025-8532
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-30
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bimser_solution_software | eba_document_and_workflow_management_system | 6.7.164 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authorization Bypass Through User-Controlled Key in the Bimser Solution Software Trade Inc. EBA Document and Workflow Management System. It involves improper authorization where an attacker can exploit trusted identifiers and manipulate variables to bypass authorization controls, potentially gaining unauthorized access or privileges.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access or actions within the affected system, potentially allowing attackers to manipulate or access sensitive documents and workflows. This can compromise the integrity and confidentiality of data, leading to information leakage or unauthorized changes.