CVE-2025-11025

MEDIUM

Vimesoft Corporate Messaging Platform <2.0.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0003
EPSS Percentile 10.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-201
Status published
Products (1)
Vimesoft Information Technologies and Software Inc./Vimesoft Corporate Messaging Platform V1.3.0 - V2.0.0
Published Sep 26, 2025
Tracked Since Feb 18, 2026