Skip to main content

Enterprise Video Platform CVE-2026-12694

CRITICAL
Missing Authorization (CWE-862)
2026-07-17 iletisim@usom.gov.tr
9.1
CVSS 3.1 · Vendor: usom
Share

Severity by source

Vendor (usom) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
9.1 CRITICAL

Missing authorization on a network endpoint permits unauthenticated (PR:N), low-complexity state-changing calls affecting integrity and availability; no data disclosure, so C:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (usom).

CVSS VectorVendor: usom

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 17:30 vuln.today
CVE Published
Jul 17, 2026 - 17:17 nvd
CRITICAL 9.1

DescriptionCVE.org

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

AnalysisAI

Improper access control in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to invoke privileged functionality that is not properly constrained by access control lists. Because the missing authorization check exposes state-changing operations, an attacker can modify or disrupt platform data and availability without credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach platform endpoint over network
Delivery
Send request to unauthorized function
Exploit
Bypass missing ACL check
Execution
Execute privileged operation
Impact
Alter data or disrupt service

Vulnerability AssessmentAI

Exploitation Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no special conditions are required - remote unauthenticated exploitation is possible against network-reachable deployments of Enterprise Video Platform in the affected 3.11.0.0-3.24.x range. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 9.1 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating network-reachable, low-complexity, unauthenticated exploitation with no user interaction and high impact to integrity and availability but no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the platform over the network sends a crafted request directly to a privileged function that lacks an authorization check, performing a state-changing action (such as altering configuration or media/session data) without holding an account. Because no authentication, user interaction, or special conditions are required, the request succeeds against a default deployment, damaging data integrity and service availability. …
Remediation Upgrade Enterprise Video Platform to version 3.25.0 or later, which is the first release outside the affected range and therefore the vendor-released fixed version (Vendor-released patch: 3.25.0). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Vimesoft deployments to identify affected versions (3.11.0.0-3.24.x); review platform audit logs for suspicious state-changing operations; restrict network access to the platform through firewall rules or network segmentation to minimize attack surface. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12694 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy