Improper Access Control in Yordam Informatics’ Library Automation System

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Library Automation System: from v.19.5 before v.22.1.

AI Analysis

Incorrect Authorization vulnerability allowing exploitation of access control security levels

Basic Information

ID CVE-2025-15023

Source TR-CERT

Published May 14, 2026 at 17:36

Affected Product

Vendor Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.

Product Library Automation System

Version v.19.5

Affected Versions Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System v.19.5

CWE Classification

CWE-863

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.

Product Library Automation System

Version v.19.5 - v.22.1

References

siberguvenlik.gov.tr /guvenlik-bildirimleri/detay/tr-26-0240

{
    "lastseen": "",
    "description": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 before v.22.1.",
    "published": "2026-05-14T17:36:14.032Z",
    "modified": "2026-05-14T17:36:14.032Z",
    "type": "cve",
    "title": "Improper Access Control in Yordam Informatics' Library Automation System",
    "source": "TR-CERT",
    "references": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240",
    "id": "CVE-2025-15023",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System v.19.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Library Automation System",
    "version": "v.19.5",
    "vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
    "ai_description": "Incorrect Authorization vulnerability allowing exploitation of access control security levels",
    "ai_severity": "High",
    "ai_vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
    "ai_product": "Library Automation System",
    "ai_version": "v.19.5 - v.22.1",
    "ai_score": 8.8
}

Improper Access Control in Yordam Informatics’ Library Automation System_CVE-2025-15023