How to fix CVE-2025-8350?

Within 24 hours: Inventory all systems running affected versions (2.1.13-19022026) and isolate them from untrusted networks if possible. Within 7 days: Implement network-level access controls (WAF rules, IP whitelisting) to restrict access to critical functions, and apply any available vendor-provided workarounds. Within 30 days: Prioritize patching immediately upon vendor release, or plan migration to unaffected versions if patches are significantly delayed.

CVE-2025-8350

CRITICAL

2026-02-19 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 12:16 nvd

CRITICAL 9.8

Description

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Execution After Redirect + missing auth in BiEticaret CMS.

Technical Context

CWE-306.

Affected Products

['BiEticaret CMS']

Remediation

Apply patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: 0

CVE-2025-8350 vulnerability details – vuln.today

Back

CVE-2025-8350

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-8350

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code