What is the CVSS score of CVE-2025-9062?

CVE-2025-9062 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Industrial are affected by CVE-2025-9062?

Envanty users face a critical authorization bypass vulnerability that could allow attackers to access data and functionality they shouldn't be permitted to use.

How to fix or mitigate CVE-2025-9062?

Within 24 hours: Inventory all Envanty deployments and identify systems handling sensitive data; implement network segmentation to limit lateral movement if compromise occurs. Within 7 days: Contact MeCODE Informatics for emergency patches or workarounds; enable enhanced logging on all Envanty instances to detect exploitation attempts. Within 30 days: Deploy compensating controls listed below; conduct security assessment of Envanty environment for signs of unauthorized access; develop migration plan if vendor remediation timeline is unacceptable.

Industrial CVE-2025-9062

HIGH

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-02-19 iletisim@usom.gov.tr

Industrial

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 11:15 nvd

HIGH 7.3

DescriptionNVD

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.

AnalysisAI

MeCODE Informatics and Engineering Services Ltd. Envanty is affected by authorization bypass through user-controlled key (CVSS 7.3).

Technical ContextAI

This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects MeCODE Informatics and Engineering Services Ltd. Envanty. Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.

Affected ProductsAI

Product: MeCODE Informatics and Engineering Services Ltd. Envanty.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-9062 vulnerability details – vuln.today

Back