CVE-2025-8886
Deferred
Deferred - Pending Action
BaseFortify
Publication date: 2025-10-10
Last updated on: 2026-06-05
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.
This issue affects Aybs Interaktif: from 2024 through 28082025.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| usta_information_systems_inc | aybs_interaktif | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
