{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11959", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-10-20T12:32:42.580Z", "datePublished": "2025-11-11T14:11:50.111Z", "dateUpdated": "2025-11-11T14:11:50.111Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Excavation Management Information System", "vendor": "Premierturk Information Technologies Inc.", "versions": [{"lessThan": "v.10.2025.01", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u0130brahim Y\u0130\u011e\u0130TSOY"}], "datePublic": "2025-11-11T14:02:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.<p>This issue affects Excavation Management Information System: before v.10.2025.01.</p>"}], "value": "Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.This issue affects Excavation Management Information System: before v.10.2025.01."}], "impacts": [{"capecId": "CAPEC-169", "descriptions": [{"lang": "en", "value": "CAPEC-169 Footprinting"}]}, {"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-11-11T14:11:50.111Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0388"}], "source": {"advisory": "TR-25-0388", "defect": ["TR-25-0388"], "discovery": "UNKNOWN"}, "title": "Improper Access Control in Premierturk's Excavation Management Information System", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.This issue affects Excavation Management Information System: before v.10.2025.01."}], "id": "CVE-2025-11959", "lastModified": "2025-11-12T16:19:34.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "iletisim@usom.gov.tr", "type": "Primary"}]}, "published": "2025-11-11T15:15:35.550", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-25-0388"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}, {"lang": "en", "value": "CWE-552"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}]}

{}