{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15023", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-12-22T07:58:36.406Z", "datePublished": "2026-05-14T17:36:14.032Z", "dateUpdated": "2026-05-14T18:36:14.239Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-14T17:36:14.032Z"}, "title": "Improper Access Control in Yordam Informatics' Library Automation System", "datePublic": "2026-05-14T17:29:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.", "product": "Library Automation System", "versions": [{"status": "affected", "version": "v.19.5", "lessThan": "v.22.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Library Automation System: from v.19.5 before v.22.1.</p>"}]}], "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "anonymous", "type": "finder"}], "source": {"defect": ["TR-26-0240"], "advisory": "TR-26-0240", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-14T18:36:08.369888Z", "id": "CVE-2025-15023", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T18:36:14.239Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-14T18:36:08.369888Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T18:36:10.887Z"}}], "cna": {"title": "Improper Access Control in Yordam Informatics' Library Automation System", "source": {"defect": ["TR-26-0240"], "advisory": "TR-26-0240", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "anonymous"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.", "product": "Library Automation System", "versions": [{"status": "affected", "version": "v.19.5", "lessThan": "v.22.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-05-14T17:29:00.000Z", "references": [{"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Library Automation System: from v.19.5 before v.22.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-14T17:36:14.032Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15023", "state": "PUBLISHED", "dateUpdated": "2026-05-14T18:36:14.239Z", "dateReserved": "2025-12-22T07:58:36.406Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-05-14T17:36:14.032Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1."}], "id": "CVE-2025-15023", "lastModified": "2026-05-14T18:19:37.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Primary"}]}, "published": "2026-05-14T18:16:34.527", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}]}

{}

{"created": "2026-05-14T19:30:26.323748+00:00", "updated": "2026-05-14T19:30:26.323764+00:00", "vendors": []}