CVE-2025-6967— Authentication Bypass in Sarman Soft's CMS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-6967
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication Bypass in Sarman Soft's CMS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
重定向后执行(EAR)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sarman Soft CMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sarman Soft CMS是土耳其Sarman Soft公司的一个内容管理系统。 Sarman Soft CMS 10022026及之前版本存在安全漏洞,该漏洞源于重定向后执行,可能导致JSON劫持和身份验证绕过。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. | CMS | 0 ~ 10022026 | - |
II. Public POCs for CVE-2025-6967
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-6967
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: CMS
- CVE-2026-7508
Bootstrap CMS Page Creation show.blade.php code injection - CVE-2026-7317
Grav CMS Cache Value FileCache.php doGet deserialization - CVE-2026-7016
MaxSite CMS ushki Plugin cross site scripting - CVE-2026-7015
MaxSite CMS Guestbook Plugin cross site scripting - CVE-2026-7014
MaxSite CMS down_count Plugin cross site scripting
Same weakness: CWE-698
- CVE-2026-2699
EAR vulnerability in Progress ShareFile Storage Zones Contro - CVE-2026-3264
go2ismail Free-CRM Administrative redirect - CVE-2026-3262
go2ismail Asp.Net-Core-Inventory-Order-Management-System Adm - CVE-2025-8350
Authentication Bypass with Redirect in BiEticaret Software's - CVE-2025-9848
ScriptAndTools Real Estate Management System userlist.php re
V. Comments for CVE-2025-6967
No comments yet