CVE-2025-8590 - Vulnerability Details - OpenCVE

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Akce	Skspro

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/digital-risk-protection
https://www.usom.gov.tr/bildirim/tr-26-0011

History

Wed, 04 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Akce Akce skspro
Vendors & Products		Akce Akce skspro

Tue, 03 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Feb 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.
Title		Information Disclosure in AKCE Software's SKSPro
Weaknesses		CWE-200
References		https://www.usom.gov.tr/bildirim/tr-26-0011
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2026-02-03T07:19:34.965Z

Updated: 2026-02-03T15:46:29.569Z

Reserved: 2025-08-05T09:50:33.306Z

Link: CVE-2025-8590

Vulnrichment

Updated: 2026-02-03T15:46:22.011Z

NVD

Status : Awaiting Analysis

Published: 2026-02-03T08:16:14.400

Modified: 2026-02-03T16:44:03.343

Link: CVE-2025-8590

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8590", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-08-05T09:50:33.306Z", "datePublished": "2026-02-03T07:19:34.965Z", "dateUpdated": "2026-02-03T15:46:29.569Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SKSPro", "vendor": "AKCE Software Technology R&D Industry and Trade Inc.", "versions": [{"lessThanOrEqual": "07012026", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Enes EBUBEK\u0130R"}], "datePublic": "2026-02-03T07:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.<p>This issue affects SKSPro: through 07012026.</p>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026."}], "impacts": [{"capecId": "CAPEC-127", "descriptions": [{"lang": "en", "value": "CAPEC-127 Directory Indexing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-02-03T07:19:34.965Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0011"}], "source": {"advisory": "TR-26-0011", "defect": ["TR-26-0011"], "discovery": "UNKNOWN"}, "title": "Information Disclosure in AKCE Software's SKSPro", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:46:17.531875Z", "id": "CVE-2025-8590", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:46:29.569Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8590", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:46:17.531875Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:46:22.011Z"}}], "cna": {"title": "Information Disclosure in AKCE Software's SKSPro", "source": {"defect": ["TR-26-0011"], "advisory": "TR-26-0011", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Enes EBUBEK\u0130R"}], "impacts": [{"capecId": "CAPEC-127", "descriptions": [{"lang": "en", "value": "CAPEC-127 Directory Indexing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AKCE Software Technology R&D Industry and Trade Inc.", "product": "SKSPro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "07012026"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-03T07:16:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0011"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.<p>This issue affects SKSPro: through 07012026.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-02-03T07:19:34.965Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8590", "state": "PUBLISHED", "dateUpdated": "2026-02-03T15:46:29.569Z", "dateReserved": "2025-08-05T09:50:33.306Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-02-03T07:19:34.965Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}