Sarman Soft Software CVE-2025-6967
HIGHSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS contains a security vulnerability (CVSS 8.7).
Technical ContextAI
affects Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS. Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected ProductsAI
Product: Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-698 – Execution After Redirect (EAR)
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today