PatchSiren cyber security CVE debrief
CVE-2025-10024 EXERT Computer Technologies Software Ltd. Co. CVE debrief
CVE-2025-10024 is an Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System. The vulnerability allows Parameter Injection and has a CVSS score of 7.5 with a HIGH severity rating. The issue affects Education Management System through 23.09.2025.
- Vendor
- EXERT Computer Technologies Software Ltd. Co.
- Product
- Education Management System
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-22
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-01-22
- Advisory updated
- 2026-06-05
Who should care
Users of EXERT Computer Technologies Software Ltd. Co. Education Management System through version 23.09.2025 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an Authorization Bypass Through User-Controlled Key issue in EXERT Computer Technologies Software Ltd. Co. Education Management System, which allows Parameter Injection. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the affected system to prevent unauthorized access.
- Monitor the system for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2025-10024) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2025-10024) respectively. Additional information can be found at [ref-4](https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0002) and [ref-5](https://www.usom.gov.tr/bildirim/tr-26-0002).
Official resources
CVE-2025-10024 was published on [cvePublishedAt] and last modified on [cveModifiedAt].