CVE-2025-0875 - Vulnerability Details - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0282

History

Mon, 22 Sep 2025 08:15:00 +0000

Type	Values Removed	Values Added
Description		Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328.
Title		IDOR in Proliz Software's OBS
Weaknesses		CWE-639
References		https://www.usom.gov.tr/bildirim/tr-25-0282
Metrics		cvssV3_1 `{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-09-22T08:02:09.660Z

Updated: 2025-09-22T08:02:09.660Z

Reserved: 2025-01-30T11:24:17.758Z

Link: CVE-2025-0875

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0875", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-30T11:24:17.758Z", "datePublished": "2025-09-22T08:02:09.660Z", "dateUpdated": "2025-09-22T08:02:09.660Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OBS (Student Affairs Information System)", "vendor": "PROLIZ Computer Software Hardware Service Trade Ltd. Co.", "versions": [{"lessThan": "v26.0328", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mustafa An\u0131l YILDIRIM"}], "datePublic": "2025-09-22T07:56:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.<p>This issue affects OBS (Student Affairs Information System): before v26.0328.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328."}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-09-22T08:02:09.660Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0282"}], "source": {"advisory": "TR-25-0282", "defect": ["TR-25-0282"], "discovery": "UNKNOWN"}, "title": "IDOR in Proliz Software's OBS", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}