PatchSiren cyber security CVE debrief
CVE-2025-8350 Inrove Software and Internet Services CVE debrief
A critical vulnerability, CVE-2025-8350, has been identified in BiEticaret CMS versions from 2.1.13 through 19022026. It is categorized as Execution After Redirect (EAR) and Missing Authentication for Critical Function, which could allow Authentication Bypass and HTTP Response Splitting. The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
- Vendor: Inrove Software and Internet Services
- Product: BiEticaret CMS
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-19
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-19
- Advisory updated: 2026-06-05
Who should care
Administrators and users of BiEticaret CMS versions from 2.1.13 through 19022026 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a lack of proper authentication for critical functions in BiEticaret CMS, which allows for Execution After Redirect (EAR), where the server keeps executing request-handling code after it has issued a redirect, and leads to Authentication Bypass and HTTP Response Splitting. The Common Vulnerability Scoring System (CVSS) vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
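The EAR weakness class named in the summary, as a minimal added example (this is not BiEticaret CMS code, which this page does not show; the `Response` class, handler names and `/login` path are hypothetical). The vulnerable handler sets the redirect but keeps running, the hardened one returns before any privileged work, and the redirect helper rejects CR/LF so a redirect target cannot inject headers.

```python
# Added illustration of Execution After Redirect (CWE-698).
# Not vendor code: every name and path below is hypothetical.

class Response:
    def __init__(self):
        self.status = 200
        self.headers = {}
        self.body = ""

    def redirect(self, location):
        # Refuse CR/LF so the Location value cannot carry extra header
        # lines (HTTP response splitting).
        if "\r" in location or "\n" in location:
            raise ValueError("CR/LF in redirect target")
        self.status = 302
        self.headers["Location"] = location


def delete_product_vulnerable(session, store, product_id):
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")
        # Defect: no return. Setting a redirect does not stop the handler.
    store.discard(product_id)  # also runs for unauthenticated callers
    resp.body = f"deleted {product_id}"
    return resp


def delete_product_hardened(session, store, product_id):
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")
        return resp  # terminate before any privileged work
    store.discard(product_id)
    resp.body = f"deleted {product_id}"
    return resp
```

A browser follows the 302 and never shows the body, so the vulnerable handler looks protected in manual testing even though the deletion has already happened server-side.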
Defensive priority
High
Recommended defensive actions
- Update BiEticaret CMS to a version outside of the affected range (from 2.1.13 through 19022026) if available.
- Implement additional security measures such as authentication and authorization checks for critical functions.
- Monitor the system for any suspicious activity.
Evidence notes
The vendor, Inrove Software and Internet Services, was contacted but did not respond.
Official resources
CVE-2025-8350 was published on 2026-02-19T12:16:14.697Z and modified on 2026-06-05T12:16:32.393Z.