CVE 8.8 HIGH

IDOR in Yordam Informatics’ Library Automation System_CVE-2025-15025

May 14, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.

This issue affects Library Automation System: from v.21.6 before v.22.1.

AI Analysis

Authorization bypass vulnerability in Library Automation System via User-Controlled key, allowing exploitation of trusted identifiers.

Basic Information

ID CVE-2025-15025

Source TR-CERT

Published May 14, 2026 at 12:59

Modified May 14, 2026 at 13:44

Affected Product

Vendor Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.

Product Library Automation System

Version v.21.6

Affected Versions Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System v.21.6

CWE Classification

CWE-639

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.

Product Library Automation System

Version v.21.6 - v.22.1

References

siberguvenlik.gov.tr /guvenlik-bildirimleri/detay/tr-26-0240

{
    "lastseen": "",
    "description": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\n\nThis issue affects Library Automation System: from v.21.6 before v.22.1.",
    "published": "2026-05-14T12:59:51.988Z",
    "modified": "2026-05-14T13:44:16.034Z",
    "type": "cve",
    "title": "IDOR in Yordam Informatics' Library Automation System",
    "source": "TR-CERT",
    "references": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240",
    "id": "CVE-2025-15025",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System v.21.6",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Library Automation System",
    "version": "v.21.6",
    "vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
    "ai_description": "Authorization bypass vulnerability in Library Automation System via User-Controlled key, allowing exploitation of trusted identifiers.",
    "ai_severity": "High",
    "ai_vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
    "ai_product": "Library Automation System",
    "ai_version": "v.21.6 - v.22.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply