Improper Authorization in Nebim Neyir's Nebim V3 ERP
Summary
| CVE | CVE-2025-13506 |
|---|---|
| State | PUBLISHED |
| Assigner | TR-CERT |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-12-12 13:15:43 UTC |
| Updated | 2026-06-04 07:16:25 UTC |
| Description | Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000900000 probability, percentile 0.254920000 (date 2026-06-08)
Problem Types: CWE-250 | CWE-250 CWE-250 Execution with Unnecessary Privileges
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Nebim Neyir Computer Industry And Services Inc. | Nebim V3 ERP | affected 2.0.59 3.0.1 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.usom.gov.tr/bildirim/tr-25-0450 | [email protected] | www.usom.gov.tr | |
| siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0450 | [email protected] | siberguvenlik.gov.tr | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Mehmet Tolga DEMİRCİ (en)
There are currently no legacy QID mappings associated with this CVE.