{"api_version":"1","generated_at":"2026-06-05T19:47:08+00:00","cve":"CVE-2025-6919","urls":{"html":"https://cve.report/CVE-2025-6919","api":"https://cve.report/api/cve/CVE-2025-6919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-6919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-6919"},"summary":{"title":"SQLi in Cats Informatics' Aykome","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.\n\nThis issue affects Aykome License Tracking System: before Version dated 06.10.2025.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-10-13 13:15:32","updated_at":"2026-06-05 15:16:42"},"problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-25-0332","name":"https://www.usom.gov.tr/bildirim/tr-25-0332","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0332","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0332","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-6919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cats Information Technology Software Development Technologies","product":"Aykome License Tracking System","version":"affected Version dated 06.10.2025 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Hasan Yasin Yasar","lang":"en"},{"source":"CNA","value":"Yusuf Melih Daskiran","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-6919","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-10-21T19:52:51.606185Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-21T19:53:01.085Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Aykome License Tracking System","vendor":"Cats Information Technology Software Development Technologies","versions":[{"lessThan":"Version dated 06.10.2025","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Hasan Yasin Yasar"},{"lang":"en","type":"analyst","value":"Yusuf Melih Daskiran"}],"datePublic":"2025-10-13T12:41:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.<p>This issue affects Aykome License Tracking System: before Version dated 06.10.2025.</p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.\n\nThis issue affects Aykome License Tracking System: before Version dated 06.10.2025."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-05T13:59:40.184Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0332"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0332"}],"source":{"advisory":"TR-25-0332","defect":["TR-25-0332"],"discovery":"UNKNOWN"},"title":"SQLi in Cats Informatics' Aykome","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-6919","datePublished":"2025-10-13T12:46:11.403Z","dateReserved":"2025-06-30T08:17:34.358Z","dateUpdated":"2026-06-05T13:59:40.184Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-10-13 13:15:32","lastModifiedDate":"2026-06-05 15:16:42","problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"6919","Ordinal":"1","Title":"SQLi in Cats Informatics' Aykome","CVE":"CVE-2025-6919","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"6919","Ordinal":"1","NoteData":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.\n\nThis issue affects Aykome License Tracking System: before Version dated 06.10.2025.","Type":"Description","Title":"SQLi in Cats Informatics' Aykome"}]}}}