CRITICAL · CVE-2025-8350 · CVSS 9.8

Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS


Platform

php

Component

bieticaret-cms

Fixed version

19022026.0.1

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2025-8350 describes an Authentication Bypass vulnerability, specifically an Execution After Redirect (EAR) and HTTP Response Splitting issue, within the Inrove Software and Internet Services BiEticaret CMS. This flaw allows attackers to bypass authentication mechanisms, potentially gaining unauthorized access to sensitive data and functionality. The vulnerability impacts versions 2.1.13 through 19022026 of BiEticaret CMS. A fix is pending from the vendor.

Impact and Attack Scenarios

The Authentication Bypass vulnerability in BiEticaret CMS allows attackers to bypass authentication controls, leading to a range of severe consequences. Attackers could potentially gain full administrative access to the CMS, allowing them to modify content, steal user data, inject malicious code, or even take complete control of the web server. The HTTP Response Splitting component of this vulnerability further amplifies the risk, enabling attackers to craft malicious redirects that could lead users to phishing sites or further compromise their systems. Given the lack of vendor response, the risk of exploitation is elevated.

Exploitation Context

CVE-2025-8350 is currently not listed on KEV, and an EPSS score is pending evaluation. Public proof-of-concept (POC) code is not yet available, but the vulnerability's severity and the vendor's lack of response suggest a potential for active exploitation. The vulnerability was publicly disclosed on 2026-02-19. Monitor security advisories and threat intelligence feeds for any indications of exploitation.

Who Is at Risk

Organizations utilizing BiEticaret CMS in production environments, particularly those with sensitive data or critical business processes, are at significant risk. Shared hosting environments where multiple websites share the same server infrastructure are also at increased risk, as a compromise of one website could potentially affect others. Legacy configurations or deployments with outdated security practices are especially vulnerable.

Detection Steps

• php: Examine web server access logs for unusual redirects or HTTP headers that might indicate HTTP Response Splitting attempts. Use grep to search for suspicious patterns in the logs.

grep -Ei 'redirect|header' /var/log/apache2/access.log

• generic web: Use curl to test for potential redirect vulnerabilities by sending requests with crafted headers.

curl -I -H "X-Redirect: https://evil.com" http://your-bi-eticaret-cms/index.php

• php: Review the BiEticaret CMS codebase for areas where user input is directly used in HTTP headers or redirects without proper sanitization.
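As an added example that is not part of the advisory or the vendor's code, the following PHP script applies the log-review step above to constructed Apache access-log lines: it flags encoded or raw CR/LF and off-site targets in redirect-style parameters (the response-splitting trace) and 302 responses that still carry a large body (the trace an Execution After Redirect leaves when the protected page renders after the Location header). The parameter names and the body-size threshold are assumptions, not values taken from BiEticaret CMS.

```php
<?php
// Added example, not from the advisory or the vendor: scan Apache "combined" access-log
// lines for the traces this bug class leaves behind. Sample lines below are constructed.
$sampleLines = [
    '203.0.113.5 - - [19/Feb/2026:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Feb/2026:10:00:02 +0000] "GET /login.php?redirect=%2Fadmin%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Feb/2026:10:00:03 +0000] "GET /login.php?redirect=%0d%0aX-Injected%3A%201 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.7 - - [19/Feb/2026:10:00:04 +0000] "GET /login.php?redirect=https%3A%2F%2Fexample.net%2F HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.7 - - [19/Feb/2026:10:00:05 +0000] "GET /admin/index.php HTTP/1.1" 302 18432 "-" "curl/8.0"',
];
// Parameter names commonly used for post-login redirects (assumed, not BiEticaret's real names).
const REDIRECT_PARAMS = ['redirect', 'url', 'return', 'returnurl', 'next', 'goto', 'target'];
// A redirect that exits sends little or no body; a 302 above this size suggests Execution After Redirect.
const EAR_BODY_THRESHOLD = 1024;

function scanAccessLog(array $lines): array
{
    $findings = [];
    foreach ($lines as $line) {
        if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[0-9.]+" (\d{3}) (\d+|-)/', $line, $m)) {
            continue; // not a request line in the expected format
        }
        [, $method, $target, $status, $bytes] = $m;
        $reasons = [];
        if (preg_match('/%(25)?0[ad]/i', $target)) { // single- or double-encoded CR/LF
            $reasons[] = 'encoded CR/LF in request target';
        }
        $qpos = strpos($target, '?');
        parse_str($qpos === false ? '' : substr($target, $qpos + 1), $params); // percent-decodes values
        foreach ($params as $name => $value) {
            if (!is_string($value) || !in_array(strtolower((string) $name), REDIRECT_PARAMS, true)) { continue; }
            if (preg_match('/[\r\n]/', $value)) {
                $reasons[] = "raw CR/LF in parameter '$name'";
            }
            if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:)?//#i', $value)) { // absolute or protocol-relative URL
                $reasons[] = "off-site target in parameter '$name'";
            }
        }
        if ($status === '302' && $bytes !== '-' && (int) $bytes > EAR_BODY_THRESHOLD) {
            $reasons[] = "302 with a {$bytes}-byte body (possible execution after redirect)";
        }
        if ($reasons !== []) {
            $findings[] = ['request' => "$method $target", 'status' => $status, 'reasons' => $reasons];
        }
    }
    return $findings;
}

foreach (scanAccessLog($sampleLines) as $f) {
    echo "{$f['request']} [{$f['status']}]: " . implode('; ', $f['reasons']) . PHP_EOL;
}
```

Point the script at real lines with `file('/var/log/apache2/access.log')` in place of `$sampleLines`; the first two constructed lines produce no finding, the other three each produce one.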

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploitation Status

Proof of concept: Unknown
CISA KEV: No
Internet exposure

EPSS

0.10% (28th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical impact: total

CVSS Vector

Threat Intelligence · CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit the flaw)
Privileges Required: None (authentication level the attack needs)
User Interaction: None (whether the victim must take an action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

nextguardhq.com · CVSS v3.1 base score

Affected Software

Component: bieticaret-cms
Vendor: Inrove Software and Internet Services
Affected range: 2.1.13 – 19022026
Fixed version: 19022026.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched: 94 days since disclosure

Mitigations and Workarounds

Due to the vendor's lack of response, immediate mitigation steps are crucial. The primary recommendation is to upgrade to a patched version of BiEticaret CMS as soon as it becomes available. In the interim, implement strict input validation on all user-supplied data to prevent HTTP Response Splitting attacks. Configure a Web Application Firewall (WAF) to filter out malicious requests and block attempts to bypass authentication. Consider implementing stricter access controls and multi-factor authentication to further reduce the attack surface. After implementing these mitigations, thoroughly test the CMS to ensure functionality and security.
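The input-validation part of this mitigation, as an added example that is not BiEticaret code: a login gate that rejects any user-supplied redirect target containing control characters or pointing off-site, and that stops executing after sending the redirect, which is what an Execution After Redirect flaw lacks. Function names, the `redirect` parameter and the `/login.php` and `/admin/` paths are assumptions about the application.

```php
<?php
// Added example, not BiEticaret code. Hardens the two halves of this bug class in an
// auth gate: validate any user-supplied redirect target, and stop executing after the
// redirect. Function and parameter names are assumptions about the application.
// Return $candidate if it is a safe site-relative path, otherwise $fallback.
function safeRedirectTarget(?string $candidate, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Reject every control character, including the CR/LF that splits a response. Current
    // PHP header() refuses newlines itself, but the check belongs in the application too.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }
    // Only site-relative paths: exactly one leading slash, so no scheme, no
    // protocol-relative "//host", and no "/\host" (some browsers treat it as "//host").
    if (!preg_match('#^/(?![/\\\\])\S*$#', $candidate)) {
        return $fallback;
    }
    return $candidate;
}

// Send the redirect and STOP. The exit is what closes the Execution After Redirect hole:
// without it, the code after the gate still runs and its output is sent along with the
// 302, and a client that ignores the Location header simply reads the protected page.
function redirectAndExit(string $target): void
{
    header('Location: ' . $target, true, 302);
    exit;
}

function requireLogin(bool $loggedIn): void
{
    if (!$loggedIn) {
        redirectAndExit('/login.php?redirect=' . rawurlencode($_SERVER['REQUEST_URI'] ?? '/'));
    }
    // Protected content below this call is only reached when $loggedIn is true.
}

function finishLogin(?string $requested): void
{
    redirectAndExit(safeRedirectTarget($requested, '/admin/')); // $requested is e.g. $_GET['redirect']
}

// Constructed candidates for a CLI dry run (no headers are sent here).
foreach (['/admin/', '//example.net/', 'https://example.net/', "/admin\r\nX-Injected: 1", '/\\example.net'] as $c) {
    printf("%-32s => %s\n", json_encode($c), safeRedirectTarget($c, '/login.php'));
}
```

Run from the CLI, only the first candidate survives validation; the other four fall back to `/login.php`.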

Remediation

Update BiEticaret CMS to a version later than 19022026. Because the vendor did not respond, it is recommended to contact the vendor to obtain a fixed version, or to consider migrating to a more secure and actively maintained platform.


Frequently Asked Questions

What is CVE-2025-8350 — Authentication Bypass in BiEticaret CMS?

CVE-2025-8350 is a CRITICAL vulnerability allowing attackers to bypass authentication in BiEticaret CMS versions 2.1.13–19022026, potentially leading to unauthorized access and data manipulation.

Am I affected by CVE-2025-8350 in BiEticaret CMS?

If you are using BiEticaret CMS versions 2.1.13 through 19022026, you are potentially affected by this vulnerability. Check your version and apply mitigations immediately.

How do I fix CVE-2025-8350 in BiEticaret CMS?

The recommended fix is to upgrade to a patched version of BiEticaret CMS. Until a patch is available, implement strict input validation and WAF rules as temporary mitigations.

Is CVE-2025-8350 being actively exploited?

While no active exploitation has been confirmed, the vulnerability's severity and lack of vendor response suggest a potential for exploitation. Monitor security advisories and threat intelligence.

Where can I find the official BiEticaret CMS advisory for CVE-2025-8350?

Due to the vendor's lack of response, there is no official advisory available at this time. Monitor security news sources for updates.
