{"api_version":"1","generated_at":"2026-06-04T20:00:22+00:00","cve":"CVE-2025-15023","urls":{"html":"https://cve.report/CVE-2025-15023","api":"https://cve.report/api/cve/CVE-2025-15023.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-15023","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-15023"},"summary":{"title":"Improper Access Control in Yordam Informatics' Library Automation System","description":"Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2026-05-14 18:16:34","updated_at":"2026-05-14 18:19:37"},"problem_types":["CWE-863","CWE-863 CWE-863 Incorrect Authorization"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-15023","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15023","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.","product":"Library Automation System","version":"affected v.19.5 v.22.1 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"anonymous","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"15023","cve":"CVE-2025-15023","epss":"0.000410000","percentile":"0.125810000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Library Automation System","vendor":"Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.","versions":[{"lessThan":"v.22.1","status":"affected","version":"v.19.5","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"anonymous"}],"datePublic":"2026-05-14T17:29:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Library Automation System: from v.19.5 before v.22.1.</p>"}],"value":"Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1."}],"impacts":[{"capecId":"CAPEC-180","descriptions":[{"lang":"en","value":"CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-14T17:36:14.032Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240"}],"source":{"advisory":"TR-26-0240","defect":["TR-26-0240"],"discovery":"UNKNOWN"},"title":"Improper Access Control in Yordam Informatics' Library Automation System","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-15023","datePublished":"2026-05-14T17:36:14.032Z","dateReserved":"2025-12-22T07:58:36.406Z","dateUpdated":"2026-05-14T17:36:14.032Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-14 18:16:34","lastModifiedDate":"2026-05-14 18:19:37","problem_types":["CWE-863","CWE-863 CWE-863 Incorrect Authorization"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"15023","Ordinal":"1","Title":"Improper Access Control in Yordam Informatics' Library Automatio","CVE":"CVE-2025-15023","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"15023","Ordinal":"1","NoteData":"Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1.","Type":"Description","Title":"Improper Access Control in Yordam Informatics' Library Automatio"}]}}}