CVE-2025-15025
HIGHIDOR in Yordam Informatics' Library Automation System
Title source: cnaDescription
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 before v.22.1.
References (1)
Core 1
Core References
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240
Scores
CVSS v3
8.8
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-639
Status
published
Products (1)
Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc./Library Automation System
v.21.6 - v.22.1
Published
May 14, 2026
Tracked Since
May 14, 2026