PatchSiren cyber security CVE debrief
CVE-2025-6967 Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CVE debrief
A high-severity vulnerability, CVE-2025-6967, was found in the CMS product of Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. This Execution After Redirect (EAR) vulnerability enables JSON Hijacking (also known as JavaScript Hijacking) and Authentication Bypass. The affected product is CMS, up to version 10022026. The vendor, Sarman Soft, was notified but did not respond. The vulnerability was published on 2026-02-10 and last modified on 2026-06-05.
- Vendor: Sarman Soft Software and Technology Services Industry and Trade Ltd. Co.
- Product: CMS
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-10
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-10
- Advisory updated: 2026-06-05
Who should care
Users of Sarman Soft CMS, version 10022026 or earlier, should apply patches or mitigations to prevent exploitation.
Technical summary
CVE-2025-6967 is an Execution After Redirect (EAR) vulnerability in Sarman Soft CMS, which allows for JSON Hijacking and Authentication Bypass. The vulnerability's CVSS score is 8.7, indicating high severity.
Defensive priority
High
Recommended defensive actions
- Apply any patches or updates provided by Sarman Soft that address the vulnerability in the CMS product. The vendor did not respond when notified.
- Implement additional security measures, such as input validation and authentication checks, to mitigate the risk of exploitation.
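The EAR pattern named in the technical summary, shown beside its corrected form with a regression check that flags redirect responses carrying a body. This is an added, framework-free Python example, not code from the affected CMS or the vendor (the page gives no implementation details); the `Response` class, handler names, `/login` path and sample data are all assumptions constructed for illustration.

```python
"""Execution After Redirect (CWE-698): vulnerable and corrected handler.
Constructed example; no code or data here comes from the affected CMS."""
from dataclasses import dataclass, field

ACCOUNT_JSON = '{"user": "alice", "email": "alice@example.test"}'  # constructed


@dataclass
class Response:  # hypothetical minimal response object
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""

    def redirect(self, location: str) -> None:
        # Sets status and header only; it does not stop the calling handler.
        self.status = 302
        self.headers["Location"] = location


def vulnerable_handler(session: dict) -> Response:
    resp = Response()
    if not session.get("user"):
        resp.redirect("/login")
        # EAR: no return here, so the code below still runs for anonymous users.
    resp.headers["Content-Type"] = "application/json"
    resp.body = ACCOUNT_JSON
    return resp


def hardened_handler(session: dict) -> Response:
    resp = Response()
    if not session.get("user"):
        resp.redirect("/login")
        return resp  # end the request immediately after the redirect
    resp.headers["Content-Type"] = "application/json"
    resp.body = ACCOUNT_JSON
    return resp


def leaks_after_redirect(resp: Response) -> bool:
    """Regression check: a 3xx response must not carry a body."""
    return 300 <= resp.status < 400 and bool(resp.body.strip())


def audit(handlers: dict) -> list:
    """Names of handlers that return content to an unauthenticated session."""
    return sorted(n for n, h in handlers.items() if leaks_after_redirect(h({})))
```

The same `leaks_after_redirect` condition can be applied to responses from a test suite or staging deployment to confirm that protected endpoints return an empty body when they redirect unauthenticated requests.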
Evidence notes
The CVE record was published on CVE.org and details can be found on NVD. Additional references include [resourceLinkAnnotations:ref-4] and [resourceLinkAnnotations:ref-5].
Official resources
CVE-2025-6967 was published on 2026-02-10T14:16:09.607Z and last modified on 2026-06-05T15:16:43.260Z.