CVE-2025-1161 - Vulnerability Details - OpenCVE

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Nomysost	Nomysem

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0440

History

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nomysost Nomysost nomysem
Vendors & Products		Nomysost Nomysost nomysem

Wed, 10 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 10 Dec 2025 13:30:00 +0000

Type	Values Removed	Values Added
Description	Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.	Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.

Wed, 10 Dec 2025 09:15:00 +0000

Type	Values Removed	Values Added
Description		Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.
Title		Improper Authorization in Nomysoft Informatics' Nomysem
Weaknesses		CWE-648
References		https://www.usom.gov.tr/bildirim/tr-25-0440
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-12-10T09:03:16.726Z

Updated: 2025-12-10T14:41:19.536Z

Reserved: 2025-02-10T08:04:19.878Z

Link: CVE-2025-1161

Vulnrichment

Updated: 2025-12-10T14:41:15.932Z

NVD

Status : Received

Published: 2025-12-10T09:15:47.230

Modified: 2025-12-10T14:16:19.410

Link: CVE-2025-1161

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1161", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-02-10T08:04:19.878Z", "datePublished": "2025-12-10T09:03:16.726Z", "dateUpdated": "2025-12-10T14:41:19.536Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Nomysem", "vendor": "NomySoft Information Technology Training and Consulting Inc.", "versions": [{"lessThanOrEqual": "May 2025", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mustafa An\u0131l YILDIRIM"}], "datePublic": "2025-12-10T08:57:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.<p>This issue affects Nomysem: through May 2025.</p>"}], "value": "Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-648", "description": "CWE-648 Incorrect Use of Privileged APIs", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-10T13:22:34.051Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0440"}], "source": {"advisory": "TR-25-0440", "defect": ["TR-25-0440"], "discovery": "UNKNOWN"}, "title": "Improper Authorization in Nomysoft Informatics' Nomysem", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-10T14:40:22.152881Z", "id": "CVE-2025-1161", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T14:41:19.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T14:40:22.152881Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T14:41:15.932Z"}}], "cna": {"title": "Improper Authorization in Nomysoft Informatics' Nomysem", "source": {"defect": ["TR-25-0440"], "advisory": "TR-25-0440", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mustafa An\u0131l YILDIRIM"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NomySoft Information Technology Training and Consulting Inc.", "product": "Nomysem", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "May 2025"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-10T08:57:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0440"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.<p>This issue affects Nomysem: through May 2025.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-648", "description": "CWE-648 Incorrect Use of Privileged APIs"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-10T13:22:34.051Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1161", "state": "PUBLISHED", "dateUpdated": "2025-12-10T14:41:19.536Z", "dateReserved": "2025-02-10T08:04:19.878Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-12-10T09:03:16.726Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}