{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10024", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-09-05T12:59:43.729Z", "datePublished": "2026-01-22T11:45:10.362Z", "dateUpdated": "2026-01-22T21:30:35.668Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Education Management System", "vendor": "EXERT Computer Technologies Software Ltd. Co.", "versions": [{"lessThanOrEqual": "23.09.2025", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Serhat YAPICI"}], "datePublic": "2026-01-22T11:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.<p>This issue affects Education Management System: through 23.09.2025.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025."}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-01-22T11:45:10.362Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0002"}], "source": {"advisory": "TR-26-0002", "defect": ["TR-26-0002"], "discovery": "UNKNOWN"}, "title": "IDOR in EXERT Computer Technologies' Education Management System", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T21:26:39.989901Z", "id": "CVE-2025-10024", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:30:35.668Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T21:26:39.989901Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:26:50.294Z"}}], "cna": {"title": "IDOR in EXERT Computer Technologies' Education Management System", "source": {"defect": ["TR-26-0002"], "advisory": "TR-26-0002", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Serhat YAPICI"}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EXERT Computer Technologies Software Ltd. Co.", "product": "Education Management System", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.09.2025"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-22T11:30:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0002"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.<p>This issue affects Education Management System: through 23.09.2025.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-01-22T11:45:10.362Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10024", "state": "PUBLISHED", "dateUpdated": "2026-01-22T21:30:35.668Z", "dateReserved": "2025-09-05T12:59:43.729Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-01-22T11:45:10.362Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en el Sistema de Gesti\u00f3n Educativa de EXERT Computer Technologies Software Ltd. Co. permite la inyecci\u00f3n de par\u00e1metros. Este problema afecta al Sistema de Gesti\u00f3n Educativa: hasta el 23.09.2025."}], "id": "CVE-2025-10024", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Primary"}]}, "published": "2026-01-22T12:15:53.980", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-26-0002"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}]}

{}

{"created": "2026-01-23T16:32:31.452831+00:00", "updated": "2026-01-23T16:32:31.452857+00:00", "vendors": ["exert", "exert$PRODUCT$education_management_system"]}