Search criteria
2 vulnerabilities found for Vimesoft Corporate Messaging Platform by Vimesoft Information Technologies and Software Inc.
CVE-2025-11025 (GCVE-0-2025-11025)
Vulnerability from cvelistv5 – Published: 2025-09-26 12:40 – Updated: 2025-09-26 13:39
VLAI?
Title
Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vimesoft Information Technologies and Software Inc. | Vimesoft Corporate Messaging Platform |
Affected:
V1.3.0 , < V2.0.0
(custom)
|
Credits
Berat AKŞİT
Sencer KILIÇ
Berat AKŞİT
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T13:39:06.180229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T13:39:22.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vimesoft Corporate Messaging Platform",
"vendor": "Vimesoft Information Technologies and Software Inc.",
"versions": [
{
"lessThan": "V2.0.0",
"status": "affected",
"version": "V1.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Berat AK\u015e\u0130T"
},
{
"lang": "en",
"type": "finder",
"value": "Sencer KILI\u00c7"
},
{
"lang": "en",
"type": "reporter",
"value": "Berat AK\u015e\u0130T"
}
],
"datePublic": "2025-09-26T12:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T12:43:09.756Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0300"
}
],
"source": {
"advisory": "TR-25-0300",
"defect": [
"TR-25-0300"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Vimeosoft Information Technologies\u0027 Vimesoft Corporate Messaging Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-11025",
"datePublished": "2025-09-26T12:40:31.008Z",
"dateReserved": "2025-09-26T08:09:24.845Z",
"dateUpdated": "2025-09-26T13:39:22.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11025 (GCVE-0-2025-11025)
Vulnerability from nvd – Published: 2025-09-26 12:40 – Updated: 2025-09-26 13:39
VLAI?
Title
Information Disclosure in Vimeosoft Information Technologies' Vimesoft Corporate Messaging Platform
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.
Severity ?
5.3 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vimesoft Information Technologies and Software Inc. | Vimesoft Corporate Messaging Platform |
Affected:
V1.3.0 , < V2.0.0
(custom)
|
Credits
Berat AKŞİT
Sencer KILIÇ
Berat AKŞİT
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T13:39:06.180229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T13:39:22.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vimesoft Corporate Messaging Platform",
"vendor": "Vimesoft Information Technologies and Software Inc.",
"versions": [
{
"lessThan": "V2.0.0",
"status": "affected",
"version": "V1.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Berat AK\u015e\u0130T"
},
{
"lang": "en",
"type": "finder",
"value": "Sencer KILI\u00c7"
},
{
"lang": "en",
"type": "reporter",
"value": "Berat AK\u015e\u0130T"
}
],
"datePublic": "2025-09-26T12:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T12:43:09.756Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0300"
}
],
"source": {
"advisory": "TR-25-0300",
"defect": [
"TR-25-0300"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Vimeosoft Information Technologies\u0027 Vimesoft Corporate Messaging Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-11025",
"datePublished": "2025-09-26T12:40:31.008Z",
"dateReserved": "2025-09-26T08:09:24.845Z",
"dateUpdated": "2025-09-26T13:39:22.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}