PatchSiren cyber security CVE debrief
CVE-2025-8025 Dinosoft Business Solutions CVE debrief
A critical vulnerability, CVE-2025-8025, has been identified in Dinosoft ERP, specifically affecting versions prior to 3.0.1 up to 11022026. This vulnerability is categorized as a Missing Authentication for Critical Function and Improper Access Control issue, allowing attackers to access functionality not properly constrained by Access Control Lists (ACLs). The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.8, indicating a critical severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, highlighting the vulnerability's high impact on confidentiality, integrity, and availability. The vulnerability was published on 2026-02-11 and last modified on 2026-06-05.
- Vendor: Dinosoft Business Solutions
- Product: Dinosoft ERP
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-11
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-11
- Advisory updated: 2026-06-05
Who should care
Administrators and users of Dinosoft ERP, especially those using versions prior to 3.0.1 up to 11022026, should be aware of this critical vulnerability. Given the high CVSS score and the potential for unauthorized access to sensitive functionality, immediate attention is required to mitigate potential risks.
Technical summary
The vulnerability, CVE-2025-8025, is associated with CWE-284 (Improper Access Control) and CWE-306 (Missing Authentication for Critical Function). It was reported by an unknown source and noted by the vendor as affecting their product. However, the vendor did not respond to early disclosure notifications.
Defensive priority
High
Recommended defensive actions
- Update Dinosoft ERP to version 3.0.1 or later.
- Implement additional access controls and authentication mechanisms for critical functions.
- Review and enhance ACLs to ensure proper constraint of functionality.
Evidence notes
The CVE record and NVD detail provide comprehensive information about the vulnerability. Additional references from [ref-4] and [ref-5] offer further context.
Official resources
CVE-2025-8025 was published on 2026-02-11T13:15:58.777Z and last modified on 2026-06-05T13:16:34.383Z.