IDOR in Proliz Software’s OBS_CVE-2025-0875

4.2 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Description

Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328.

Basic Information

ID CVE-2025-0875

Source TR-CERT

Published Sep 22, 2025 at 08:02

Affected Product

Vendor PROLIZ Computer Software Hardware Service Trade Ltd. Co.

Product OBS (Student Affairs Information System)

Affected Versions PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) 0

CWE Classification

CWE-639

References

www.usom.gov.tr /bildirim/tr-25-0282

{
    "lastseen": "",
    "description": "Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328.",
    "published": "2025-09-22T08:02:09.660Z",
    "modified": "2025-09-22T08:02:09.660Z",
    "type": "cve",
    "title": "IDOR in Proliz Software's OBS",
    "source": "TR-CERT",
    "references": "https://www.usom.gov.tr/bildirim/tr-25-0282",
    "id": "CVE-2025-0875",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OBS (Student Affairs Information System)",
    "version": "0",
    "vendor": "PROLIZ Computer Software Hardware Service Trade Ltd. Co.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}