Platform: php
Component: bieticaret-cms
Fixed in: 19022026.0.1
CVE-2025-8350 describes an Authentication Bypass vulnerability, specifically an Execution After Redirect (EAR) and HTTP Response Splitting issue, within the Inrove Software and Internet Services BiEticaret CMS. This flaw allows attackers to bypass authentication mechanisms, potentially gaining unauthorized access to sensitive data and functionality. The vulnerability impacts versions 2.1.13 through 19022026 of BiEticaret CMS. A fix is pending from the vendor.
The Authentication Bypass vulnerability in BiEticaret CMS allows attackers to bypass authentication controls, leading to a range of severe consequences. Attackers could potentially gain full administrative access to the CMS, allowing them to modify content, steal user data, inject malicious code, or even take complete control of the web server. The HTTP Response Splitting component of this vulnerability further amplifies the risk, enabling attackers to craft malicious redirects that could lead users to phishing sites or further compromise their systems. Given the lack of vendor response, the risk of exploitation is elevated.
CVE-2025-8350 is currently not listed on KEV, and an EPSS score is pending evaluation. Public proof-of-concept (POC) code is not yet available, but the vulnerability's severity and the vendor's lack of response suggest a potential for active exploitation. The vulnerability was publicly disclosed on 2026-02-19. Monitor security advisories and threat intelligence feeds for any indications of exploitation.
Exploit Status
EPSS: 0.10% (28% percentile)
Due to the vendor's lack of response, immediate mitigation steps are crucial. The primary recommendation is to upgrade to a patched version of BiEticaret CMS as soon as it becomes available. In the interim, implement strict input validation on all user-supplied data to prevent HTTP Response Splitting attacks. Configure a Web Application Firewall (WAF) to filter out malicious requests and block attempts to bypass authentication. Consider implementing stricter access controls and multi-factor authentication to further reduce the attack surface. After implementing these mitigations, thoroughly test the CMS to ensure functionality and security.
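The interim input-validation advice above, combined with the Execution After Redirect class named in this advisory, can be sketched as a hardened PHP redirect gate. This is an added illustration, not BiEticaret CMS code or a vendor fix; the function names, the `user_id` session key and the `/login` path are hypothetical, and the `never` return type assumes PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Added illustration; not BiEticaret CMS code. All names below are hypothetical.

/**
 * Return a value that is safe to place in a Location header,
 * or the fallback when the candidate is rejected.
 */
function safe_redirect_target(string $candidate, string $fallback = '/'): string
{
    // Reject CR, LF, NUL and other control bytes: these are what let user
    // input end the current header and begin a new one (response splitting).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
        return $fallback;
    }
    // Accept only same-site absolute paths: "/x", but not "//host" or "/\host".
    if (preg_match('#^/(?![/\\\\])#', $candidate) !== 1) {
        return $fallback;
    }
    return $candidate;
}

/** Send the redirect and terminate the request: nothing after this call runs. */
function redirect_and_stop(string $target): never
{
    header('Location: ' . safe_redirect_target($target), true, 302);
    exit;
}

/** Gate to call at the top of every protected page (hypothetical helper). */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        // Execution After Redirect: sending the Location header and then
        // returning would let the caller keep rendering the protected page
        // into the response body, which a client that ignores the redirect
        // can still read. Terminating here closes that path.
        redirect_and_stop('/login');
    }
}
```

A code review for this flaw class can search for every `header('Location: ...')` call and confirm that each one is followed by `exit` or sits inside a helper that terminates the request.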
Update BiEticaret CMS to a version later than 19022026. Because the vendor did not respond, it is recommended to contact the vendor to obtain a fixed version or to consider migrating to a more secure, maintained platform.
CVE-2025-8350 is a CRITICAL vulnerability allowing attackers to bypass authentication in BiEticaret CMS versions 2.1.13–19022026, potentially leading to unauthorized access and data manipulation.
If you are using BiEticaret CMS versions 2.1.13 through 19022026, you are potentially affected by this vulnerability. Check your version and apply mitigations immediately.
The recommended fix is to upgrade to a patched version of BiEticaret CMS. Until a patch is available, implement strict input validation and WAF rules as temporary mitigations.
While no active exploitation has been confirmed, the vulnerability's severity and lack of vendor response suggest a potential for exploitation. Monitor security advisories and threat intelligence.
Due to the vendor's lack of response, there is no official advisory available at this time. Monitor security news sources for updates.