{"api_version":"1","generated_at":"2026-06-05T07:55:31+00:00","cve":"CVE-2025-11145","urls":{"html":"https://cve.report/CVE-2025-11145","api":"https://cve.report/api/cve/CVE-2025-11145.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-11145","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-11145"},"summary":{"title":"User Enumeration in CBK Soft's enVision","description":"Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.\n\nThis issue affects enVision: before 250566.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-10-24 15:15:37","updated_at":"2026-04-15 00:35:42"},"problem_types":["CWE-200","CWE-203","CWE-359","CWE-203 CWE-203 Observable Discrepancy","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0361","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0361","refsource":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0361","tags":["government-resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0361","name":"https://www.usom.gov.tr/bildirim/tr-25-0361","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-11145","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11145","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc.","product":"enVision","version":"affected 250566 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Emre AKTAŞ","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"11145","cve":"CVE-2025-11145","epss":"0.000450000","percentile":"0.141320000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-11145","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-10-28T14:04:56.630174Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-28T14:05:07.301Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"enVision","vendor":"CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc.","versions":[{"lessThan":"250566","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Emre AKTAŞ"}],"datePublic":"2025-10-24T14:21:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.<p>This issue affects enVision: before 250566.</p>"}],"value":"Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.\n\nThis issue affects enVision: before 250566."}],"impacts":[{"capecId":"CAPEC-575","descriptions":[{"lang":"en","value":"CAPEC-575 Account Footprinting"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-203","description":"CWE-203 Observable Discrepancy","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-359","description":"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-04T19:44:41.463Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0361"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0361"}],"source":{"advisory":"TR-25-0361","defect":["TR-25-0361"],"discovery":"UNKNOWN"},"title":"User Enumeration in CBK Soft's enVision","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-11145","datePublished":"2025-10-24T14:25:37.498Z","dateReserved":"2025-09-29T08:22:55.571Z","dateUpdated":"2026-06-04T19:44:41.463Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-10-24 15:15:37","lastModifiedDate":"2026-04-15 00:35:42","problem_types":["CWE-200","CWE-203","CWE-359","CWE-203 CWE-203 Observable Discrepancy","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"11145","Ordinal":"1","Title":"User Enumeration in CBK Soft's enVision","CVE":"CVE-2025-11145","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"11145","Ordinal":"1","NoteData":"Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.\n\nThis issue affects enVision: before 250566.","Type":"Description","Title":"User Enumeration in CBK Soft's enVision"}]}}}