CRITICAL🇵🇱 Wersja polska

CVE-2025-4378

CVSS 10.0v3.1pub. 2025-06-24upd. 2026-06-05

Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

🤖 AI Analysis
How it works

The vulnerability involves two related issues: first, the application uses hard-coded credentials (CWE-798) embedded in the code that can be extracted and used by an attacker to authenticate as an authorized user. Second, sensitive information — including potentially authentication data — is transmitted in cleartext (CWE-319), making it possible to intercept it in network traffic. An attacker can combine both weaknesses to gain access to the system without knowing the correct user login credentials.

Impact

A remote attacker, without any authentication and user interaction, can bypass authentication mechanisms (Authentication Bypass) and gain unauthorized access to application resources, as well as intercept sensitive data transmitted over the network.

Mitigation & patch

The ATA-AOF application must be updated to the version released on 20.06.2025 or later. Detailed information about the patch is available in the vendor references and in the USOM/TR-25-0135 bulletin.

Who is affected

ATA-AOF mobile application (Ataturk University) in all versions before 20.06.2025.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References