CVE-2025-2311

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2311
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.usom.gov.tr/bildirim/tr-25-0074
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de uso incorrecto de API privilegiadas, transmisión de texto sin cifrar de información confidencial y credenciales insuficientemente protegidas en Sechard Information Technologies SecHard permite la omisión de la autenticación, la manipulación de la interfaz, el abuso de la autenticación y la recopilación de información mediante la supervisión de eventos de API. Este problema afecta a SecHard: antes de 3.3.0.20220411.

21 Mar 2025, 07:15

Type Values Removed Values Added
Summary (en) Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Nebula Informatics SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411. (en) Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

20 Mar 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-20 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2311

Mitre link : CVE-2025-2311

CVE.ORG link : CVE-2025-2311

JSON object : View

Products Affected

No product.

CWE
CWE-319

Cleartext Transmission of Sensitive Information

CWE-522

Insufficiently Protected Credentials

CWE-648

Incorrect Use of Privileged APIs