CVE-2025-14349
Modified
Modified - Updated After Analysis
Privilege Escalation in FlexCity/Kiosk via Missing Authentication
Publication date: 2026-02-13
Last updated on: 2026-06-04
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.
This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uni-yaz | flexcity | From 1.0 (inc) to 1.0.36 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
