CVE-2025-4378 | THREATINT

Description

Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This issue affects ATA-AOF Mobile Application: before 20.06.2025.

PUBLISHED Reserved 2025-05-06 | Published 2025-06-24 | Updated 2025-06-25 | Assigner TR-CERT

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

CWE-798 Use of Hard-coded Credentials

Product status

Default status

unaffected

Any version before 20.06.2025

affected

Credits

Enes Alperen Hürüm finder

Berat Uğur Demirkan reporter

References

www.usom.gov.tr/bildirim/tr-25-0135

cve.org (CVE-2025-4378)

nvd.nist.gov (CVE-2025-4378)

Download JSON