CVE-2025-11025 | THREATINT

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.

PUBLISHED Reserved 2025-09-26 | Published 2025-09-26 | Updated 2025-09-26 | Assigner TR-CERT

MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-201 Insertion of Sensitive Information Into Sent Data

Product status

Default status

unaffected

V1.3.0 before V2.0.0

affected

Credits

Berat AKŞİT finder

Sencer KILIÇ finder

Berat AKŞİT reporter

References

www.usom.gov.tr/bildirim/tr-25-0300

cve.org (CVE-2025-11025)

nvd.nist.gov (CVE-2025-11025)

Download JSON