CVE-2025-6967
8.7 HIGH · Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd
Published: 2026-02-10 · Last updated: 2026-06-05
Severity and scoring
- CVSS: 8.7 HIGH
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- CWE: CWE-698
Description
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-10271 — A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0 (6.3 MEDIUM)
- CVE-2025-8350 — Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEti... (9.8 CRITICAL)