CVE 8.7 HIGH

Authentication Bypass in Sarman Soft’s CMS_CVE-2025-6967

February 10, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Authentication Bypass vulnerability in Sarman Soft's CMS via Execution After Redirect (EAR) and JSON Hijacking

Basic Information

ID CVE-2025-6967

Source TR-CERT

Published Feb 10, 2026 at 13:43

Modified Feb 10, 2026 at 14:47

Affected Product

Vendor Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.

Product CMS

Affected Versions Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS 0

CWE Classification

CWE-698

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.

Product CMS

Version through 10022026

References

www.usom.gov.tr /bildirim/tr-26-0050

{
    "lastseen": "",
    "description": "Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-10T13:43:37.928Z",
    "modified": "2026-02-10T14:47:36.979Z",
    "type": "cve",
    "title": "Authentication Bypass in Sarman Soft's CMS",
    "source": "TR-CERT",
    "references": "https://www.usom.gov.tr/bildirim/tr-26-0050",
    "id": "CVE-2025-6967",
    "bulletinFamily": "",
    "cwe": [
        "CWE-698"
    ],
    "cvelist": null,
    "sourceData": "Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CMS",
    "version": "0",
    "vendor": "Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.",
    "ai_description": "Authentication Bypass vulnerability in Sarman Soft's CMS via Execution After Redirect (EAR) and JSON Hijacking",
    "ai_severity": "High",
    "ai_vendor": "Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.",
    "ai_product": "CMS",
    "ai_version": "through 10022026",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply