Skip to main content

Inrove Software CVE-2025-8350

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-02-19 iletisim@usom.gov.tr
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:03 vuln.today
CVE Published
Feb 19, 2026 - 12:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Execution After Redirect + missing auth in BiEticaret CMS.

Technical ContextAI

CWE-306.

Affected ProductsAI

BiEticaret CMS

RemediationAI

Apply patch.

Share

CVE-2025-8350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy