PatchSiren cyber security CVE debrief
CVE-2025-9986 Vadi Corporate Information Systems Ltd. Co. CVE debrief
A high-severity vulnerability, CVE-2025-9986, was found in DIGIKENT by Vadi Corporate Information Systems Ltd. Co. This Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability has a CVSS score of 8.2. The issue affects DIGIKENT up to version 13092025. For more information, refer to [cve-org] and [nvd].
- Vendor
- Vadi Corporate Information Systems Ltd. Co.
- Product
- DIGIKENT
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-11
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-11
- Advisory updated
- 2026-06-05
Who should care
Users of DIGIKENT by Vadi Corporate Information Systems Ltd. Co. should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability allows for Excavation and has been categorized under CWE-497. It can be exploited over the network with low attack complexity and no required privileges or user interaction. Successful exploitation can lead to high confidentiality impact, low integrity impact, and no availability impact.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Vadi Corporate Information Systems Ltd. Co. for DIGIKENT.
- Restrict access to sensitive system information.
- Monitor system logs for suspicious activity.
Evidence notes
Evidence suggests that this vulnerability was published on February 11, 2026, and last modified on June 5, 2026. References can be found at [ref-4] and [ref-5].
Official resources
CVE-2025-9986 was published on 2026-02-11T09:15:50.663Z and modified on 2026-06-05T12:16:35.987Z.