CVE-2025-15024

HIGH

RCE in Yordam Informatics' Library Automation System

Title source: cna

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22.1.

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 15.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc./Library Automation System v.19.5 - v.22.1
Published May 14, 2026
Tracked Since May 15, 2026