CRITICAL🇵🇱 Wersja polska

CVE-2025-12059

CVSS 9.8v3.1pub. 2026-02-11upd. 2026-06-04

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9.

🤖 AI Analysis
How it works

The CWE-538 class error occurs because the Logo j-Platform application stores sensitive data (such as credentials, tokens, configuration data) in files or directories accessible from outside without appropriate access controls. An attacker can exploit improperly configured access control security levels to read or modify this data without requiring authentication. The attack vector is network-based, requires no privileges or user interaction, making exploitation exceptionally easy.

Impact

An attacker can gain unauthorized access to sensitive information stored in the system, and potentially modify data or disrupt application functionality, resulting in complete breach of confidentiality, integrity, and availability.

Mitigation & patch

Logo j-Platform should be updated to version 3.34.8.9 or later. Detailed information is available in the vendor's security notice at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0061 and https://www.usom.gov.tr/bildirim/tr-26-0061

Who is affected

Logo j-Platform versions 3.29.6.4 to 3.34.8.9 (not including 3.34.8.9) — a product of Logo Software Industry and Trade Inc.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References