CVE-2025-0987

CRITICAL 9.9

IDOR in CB Project's CVLand

CVSS Score

9.9

EPSS Score

0.1%

EPSS Percentile

22th

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-639
Vendor	cb project ltd. co.
Product	cvland
Published	Nov 3, 2025
Last Updated	Mar 26, 2026

Stay Ahead of the Next One

Get instant alerts for cb project ltd. co. cvland

Be the first to know when new critical vulnerabilities affecting cb project ltd. co. cvland are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected Versions

CB Project Ltd. Co. / CVLand

2.1.0 ≤ 20251103

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0371

Credits

Ulaş GÜMÜŞTAŞ