CVE-2025-8350

CRITICAL 9.8

Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

28th

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-698 CWE-306
Vendor	inrove software and internet services
Product	bieticaret cms
Published	Feb 19, 2026
Last Updated	Mar 25, 2026

Stay Ahead of the Next One

Get instant alerts for inrove software and internet services bieticaret cms

Be the first to know when new critical vulnerabilities affecting inrove software and internet services bieticaret cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Inrove Software and Internet Services / BiEticaret CMS

2.1.13 ≤ 19022026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-26-0077

Credits

Çetin BİNİCİ