CVE-2025-12059
Sensitive Data Exposure via Access Control Flaw in Logo j-Platform
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logo_software_industry_and_trade_inc | logo_j-platform | From 3.29.6.4 (inc) to 13112025 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the insertion of sensitive information into files or directories that are accessible externally. It occurs due to incorrectly configured access control security levels in the Logo j-Platform software by Logo Software Industry and Trade Inc. This misconfiguration allows unauthorized parties to exploit the system and gain access to sensitive data.
How can this vulnerability impact me? :
The vulnerability can have a severe impact as it allows unauthorized access to sensitive information, potentially leading to data breaches. According to the CVSS score of 9.8, it can result in high confidentiality, integrity, and availability impacts, meaning attackers could steal, modify, or disrupt critical data and services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know