CVE-2025-10161
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| turkguven_software_technologies_inc. | perfektive | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
| CWE-807 | The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Turkguven Software Technologies Inc. Perfektive involves improper restriction of excessive authentication attempts, client-side enforcement of server-side security, and reliance on untrusted inputs in security decisions. It allows attackers to perform brute force attacks, bypass authentication, and bypass functionality in affected versions before 12574 Build 2701.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access through brute force or authentication bypass, potentially allowing attackers to access sensitive information, disrupt functionality, or compromise system integrity.