CVE-2025-2311: Authentication Bypass in Nebula Informatics' SecHard

9.0 CVSS

Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Nebula Informatics SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

Classification

CVE ID: CVE-2025-2311

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-648 Incorrect Use of Privileged APIs CWE-319 Cleartext Transmission of Sensitive Information CWE-522 Insufficiently Protected Credentials

Affected Products

Vendor: Nebula Informatics

Product: SecHard

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.83% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2311
https://www.usom.gov.tr/bildirim/tr-25-0074

Timeline

2025-03-20 12:40:20 UTC
CVE

Authentication Bypass in Nebula Informatics' SecHard