PatchSiren cyber security CVE debrief
CVE-2025-8590 AKCE Software Technology R&D Industry and Trade Inc. CVE debrief
CVE-2025-8590 is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro, allowing Directory Indexing. This issue affects SKSPro through version 07012026. The vulnerability has a CVSS score of 7.5 and a severity of HIGH.
- Vendor
- AKCE Software Technology R&D Industry and Trade Inc.
- Product
- SKSPro
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-03
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-03
- Advisory updated
- 2026-06-05
Who should care
Users of SKSPro through version 07012026 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by Directory Indexing in SKSPro, which allows an unauthorized actor to access sensitive information. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to SKSPro to fix the vulnerability.
- Restrict access to sensitive information and directories.
- Monitor for suspicious activity and implement additional security measures as needed.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4] and [ref-5].
Official resources
CVE-2025-8590 was published on 2026-02-03T08:16:14.400Z and modified on 2026-06-05T12:16:33.563Z.