CVE-2025-2311

CRITICAL 9.0

Authentication Bypass in Sechard Information Technologies' SecHard

CVSS Score

9.0

EPSS Score

0.0%

EPSS Percentile

0th

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.

CWE	CWE-648 CWE-319 CWE-522
Vendor	sechard information technologies
Product	sechard
Published	Mar 20, 2025
Last Updated	Jun 6, 2026

Stay Ahead of the Next One

Get instant alerts for sechard information technologies sechard

Be the first to know when new critical vulnerabilities affecting sechard information technologies sechard are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Sechard Information Technologies / SecHard

0 < 3.3.0.20220411

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0074 siberguvenlik.gov.tr: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0074

Credits

Berat Ugur DEMIRKAN BG-TEK Cyber Security