{"api_version":"1","generated_at":"2026-06-05T07:55:28+00:00","cve":"CVE-2025-11959","urls":{"html":"https://cve.report/CVE-2025-11959","api":"https://cve.report/api/cve/CVE-2025-11959.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-11959","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-11959"},"summary":{"title":"Improper Access Control in Premierturk's Excavation Management Information System","description":"Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.\n\nThis issue affects Excavation Management Information System: before v.10.2025.01.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-11-11 15:15:35","updated_at":"2026-04-15 00:35:42"},"problem_types":["CWE-359","CWE-552","CWE-552 CWE-552 Files or Directories Accessible to External Parties","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-25-0388","name":"https://www.usom.gov.tr/bildirim/tr-25-0388","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0388","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0388","refsource":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0388","tags":["government-resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-11959","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11959","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Premierturk Information Technologies Inc.","product":"Excavation Management Information System","version":"affected v.10.2025.01 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"İbrahim YİĞİTSOY","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"11959","cve":"CVE-2025-11959","epss":"0.000410000","percentile":"0.128350000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-11959","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-11-12T14:54:23.229380Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-11-12T20:03:06.612Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Excavation Management Information System","vendor":"Premierturk Information Technologies Inc.","versions":[{"lessThan":"v.10.2025.01","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"İbrahim YİĞİTSOY"}],"datePublic":"2025-11-11T14:02:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.<p>This issue affects Excavation Management Information System: before v.10.2025.01.</p>"}],"value":"Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.\n\nThis issue affects Excavation Management Information System: before v.10.2025.01."}],"impacts":[{"capecId":"CAPEC-169","descriptions":[{"lang":"en","value":"CAPEC-169 Footprinting"}]},{"capecId":"CAPEC-212","descriptions":[{"lang":"en","value":"CAPEC-212 Functionality Misuse"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-359","description":"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-04T19:23:05.823Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0388"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0388"}],"source":{"advisory":"TR-25-0388","defect":["TR-25-0388"],"discovery":"UNKNOWN"},"title":"Improper Access Control in Premierturk's Excavation Management Information System","x_generator":{"engine":"Vulnogram 0.5.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-11959","datePublished":"2025-11-11T14:11:50.111Z","dateReserved":"2025-10-20T12:32:42.580Z","dateUpdated":"2026-06-04T19:23:05.823Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-11-11 15:15:35","lastModifiedDate":"2026-04-15 00:35:42","problem_types":["CWE-359","CWE-552","CWE-552 CWE-552 Files or Directories Accessible to External Parties","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"11959","Ordinal":"1","Title":"Improper Access Control in Premierturk's Excavation Management I","CVE":"CVE-2025-11959","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"11959","Ordinal":"1","NoteData":"Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.\n\nThis issue affects Excavation Management Information System: before v.10.2025.01.","Type":"Description","Title":"Improper Access Control in Premierturk's Excavation Management I"}]}}}