{"api_version":"1","generated_at":"2026-06-05T03:43:44+00:00","cve":"CVE-2025-11151","urls":{"html":"https://cve.report/CVE-2025-11151","api":"https://cve.report/api/cve/CVE-2025-11151.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-11151","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-11151"},"summary":{"title":"Information Disclosure in Beyaz Computer's CityPLus","description":"Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.\n\nThis issue affects CityPLus: before V24.29500.1.0.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-10-21 14:15:46","updated_at":"2026-04-15 00:35:42"},"problem_types":["CWE-200","CWE-497","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","CWE-497 CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0351","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0351","refsource":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0351","tags":["government-resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0351","name":"https://www.usom.gov.tr/bildirim/tr-25-0351","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-11151","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11151","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co.","product":"CityPLus","version":"affected V24.29500.1.0 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Aleyna KABAL","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"11151","cve":"CVE-2025-11151","epss":"0.000450000","percentile":"0.141320000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-11151","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-10-21T13:41:11.361615Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-21T14:08:10.192Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"CityPLus","vendor":"Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co.","versions":[{"lessThan":"V24.29500.1.0","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Aleyna KABAL"}],"datePublic":"2025-10-21T12:10:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.<p>This issue affects CityPLus: before V24.29500.1.0.</p>"}],"value":"Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.\n\nThis issue affects CityPLus: before V24.29500.1.0."}],"impacts":[{"capecId":"CAPEC-143","descriptions":[{"lang":"en","value":"CAPEC-143 Detect Unpublicized Web Pages"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-497","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-04T19:42:25.194Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0351"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0351"}],"source":{"advisory":"TR-25-0351","defect":["TR-25-0351"],"discovery":"UNKNOWN"},"title":"Information Disclosure in Beyaz Computer's CityPLus","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-11151","datePublished":"2025-10-21T13:15:39.524Z","dateReserved":"2025-09-29T10:54:50.571Z","dateUpdated":"2026-06-04T19:42:25.194Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-10-21 14:15:46","lastModifiedDate":"2026-04-15 00:35:42","problem_types":["CWE-200","CWE-497","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","CWE-497 CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"11151","Ordinal":"1","Title":"Information Disclosure in Beyaz Computer's CityPLus","CVE":"CVE-2025-11151","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"11151","Ordinal":"1","NoteData":"Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.\n\nThis issue affects CityPLus: before V24.29500.1.0.","Type":"Description","Title":"Information Disclosure in Beyaz Computer's CityPLus"}]}}}