CVE 9.8 CRITICAL

Authentication Bypass with Redirect in BiEticaret Software’s BiEticaret CMS_CVE-2025-8350

February 19, 2026 invoker category_cve
9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Authentication Bypass and HTTP Response Splitting vulnerability in BiEticaret CMS due to Execution After Redirect (EAR) and Missing Authentication for Critical Function

Basic Information

ID CVE-2025-8350
Source TR-CERT
Published Feb 19, 2026 at 11:30

Affected Product

Vendor Inrove Software and Internet Services
Product BiEticaret CMS
Version 2.1.13
Affected Versions Inrove Software and Internet Services BiEticaret CMS 2.1.13

CWE Classification

CWE-698 CWE-306

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor Inrove Software and Internet Services
Product BiEticaret CMS
Version 2.1.13

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.