CVE-2025-8855
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-14
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| optimus | brokerage_automation | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-302 | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Optimus Software Brokerage Automation before version 1.1.71 involves authorization bypass through a user-controlled key, a weak password recovery mechanism for forgotten passwords, and authentication bypass by assumed-immutable data. It allows attackers to exploit trust in the client, bypass authentication, and manipulate registry information.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access by bypassing authentication mechanisms, potentially allowing attackers to manipulate registry information and exploit trust in the client. This can result in compromised system integrity and unauthorized actions within the affected software.