CVE-2025-13003 - Vulnerability Details - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Aksis Technology	Axonboard

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0446

History

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Aksis Technology Aksis Technology axonboard
Vendors & Products		Aksis Technology Aksis Technology axonboard

Thu, 11 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 11 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0.
Title		IDOR in Aksis Computer's AxOnboard
Weaknesses		CWE-639
References		https://www.usom.gov.tr/bildirim/tr-25-0446
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-12-11T12:11:43.894Z

Updated: 2025-12-11T14:19:07.251Z

Reserved: 2025-11-11T13:03:51.899Z

Link: CVE-2025-13003

Vulnrichment

Updated: 2025-12-11T14:19:03.821Z

NVD

Status : Received

Published: 2025-12-11T13:15:58.517

Modified: 2025-12-11T13:15:58.517

Link: CVE-2025-13003

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13003", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-11-11T13:03:51.899Z", "datePublished": "2025-12-11T12:11:43.894Z", "dateUpdated": "2025-12-11T14:19:07.251Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AxOnboard", "vendor": "Aksis Computer Services and Consulting Inc.", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "3.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Can Nesimi ARI"}], "datePublic": "2025-12-11T11:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.<p>This issue affects AxOnboard: from 3.2.0 before 3.3.0.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-11T12:11:43.894Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0446"}], "source": {"advisory": "TR-25-0446", "defect": ["TR-25-0446"], "discovery": "UNKNOWN"}, "title": "IDOR in Aksis Computer's AxOnboard", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-11T14:18:17.219818Z", "id": "CVE-2025-13003", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T14:19:07.251Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-11T14:18:17.219818Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T14:19:03.821Z"}}], "cna": {"title": "IDOR in Aksis Computer's AxOnboard", "source": {"defect": ["TR-25-0446"], "advisory": "TR-25-0446", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Can Nesimi ARI"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Aksis Computer Services and Consulting Inc.", "product": "AxOnboard", "versions": [{"status": "affected", "version": "3.2.0", "lessThan": "3.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-11T11:48:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0446"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.<p>This issue affects AxOnboard: from 3.2.0 before 3.3.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-12-11T12:11:43.894Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13003", "state": "PUBLISHED", "dateUpdated": "2025-12-11T14:19:07.251Z", "dateReserved": "2025-11-11T13:03:51.899Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-12-11T12:11:43.894Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}