CVE-2025-11025

MEDIUM

Vimesoft Corporate Messaging Platform <2.0.0 - Info Disclosure

Title source: llm

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.

References (1)

[Third Party Advisory, US Government Resource] https://www.usom.gov.tr/bildirim/tr-25-0300

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-201

Status draft

Timeline

Published Sep 26, 2025

Tracked Since Feb 18, 2026