What is the CVSS score of CVE-2025-6967?

CVE-2025-6967 has a CVSS 3.1 base score of 8.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Sarman Soft Software are affected by CVE-2025-6967?

A high-severity vulnerability (CVSS 8.7) has been identified in Sarman Soft CMS with no available patch.

How to fix or mitigate CVE-2025-6967?

Within 24 hours: Identify all systems running Sarman Soft CMS and assess exposure to untrusted networks; isolate affected systems or restrict access if operationally feasible. Within 7 days: Implement compensating controls such as WAF rules, network segmentation, and enhanced monitoring; establish vendor communication to obtain patch timeline. Within 30 days: Deploy patch upon availability; conduct security assessment post-remediation; document all mitigations taken.

Sarman Soft Software CVE-2025-6967

HIGH

Execution After Redirect (EAR) (CWE-698)

2026-02-10 iletisim@usom.gov.tr

Authentication Bypass

8.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 14:16 nvd

HIGH 8.7

DescriptionNVD

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS contains a security vulnerability (CVSS 8.7).

Technical ContextAI

affects Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS. Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected ProductsAI

Product: Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-6967 vulnerability details – vuln.today

Back

Sarman Soft Software CVE-2025-6967

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code