{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10024", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-09-05T12:59:43.729Z", "datePublished": "2026-01-22T11:45:10.362Z", "dateUpdated": "2026-06-05T10:51:09.271Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-05T10:51:09.271Z"}, "title": "IDOR in EXERT Computer Technologies' Education Management System", "datePublic": "2026-01-22T11:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "affected": [{"vendor": "EXERT Computer Technologies Software Ltd. Co.", "product": "Education Management System", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "23.09.2025", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.\n\nThis issue affects Education Management System: through 23.09.2025.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.<p>This issue affects Education Management System: through 23.09.2025.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0002", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0002", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Serhat YAPICI", "type": "finder"}], "source": {"defect": ["TR-26-0002"], "advisory": "TR-26-0002", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T21:26:39.989901Z", "id": "CVE-2025-10024", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:30:35.668Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T21:26:39.989901Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:26:50.294Z"}}], "cna": {"title": "IDOR in EXERT Computer Technologies' Education Management System", "source": {"defect": ["TR-26-0002"], "advisory": "TR-26-0002", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Serhat YAPICI"}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EXERT Computer Technologies Software Ltd. Co.", "product": "Education Management System", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.09.2025"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-22T11:30:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0002", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0002", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.\n\nThis issue affects Education Management System: through 23.09.2025.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.<p>This issue affects Education Management System: through 23.09.2025.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-05T10:51:09.271Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10024", "state": "PUBLISHED", "dateUpdated": "2026-06-05T10:51:09.271Z", "dateReserved": "2025-09-05T12:59:43.729Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-01-22T11:45:10.362Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.\n\nThis issue affects Education Management System: through 23.09.2025."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en el Sistema de Gesti\u00f3n Educativa de EXERT Computer Technologies Software Ltd. Co. permite la inyecci\u00f3n de par\u00e1metros. Este problema afecta al Sistema de Gesti\u00f3n Educativa: hasta el 23.09.2025."}], "id": "CVE-2025-10024", "lastModified": "2026-06-05T12:16:31.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-01-22T12:15:53.980", "references": [{"source": "[email protected]", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0002"}, {"source": "[email protected]", "url": "https://www.usom.gov.tr/bildirim/tr-26-0002"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "[email protected]", "type": "Secondary"}]}

{}

{"created": "2026-01-23T16:32:31.452831+00:00", "updated": "2026-01-23T16:32:31.452857+00:00", "vendors": ["exert", "exert$PRODUCT$education_management_system"]}