CVE-2025-2311 — CRITICAL (9.0)

Vulnerability Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-648 CWE-522 CWE-319

References

https://www.usom.gov.tr/bildirim/tr-25-0074

FAQ

What is CVE-2025-2311?

CVE-2025-2311 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication ...

How severe is CVE-2025-2311?

CVE-2025-2311 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-2311?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.