Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10161

Summary
Assigner-TR-CERT
Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At-11 Nov, 2025 | 12:42
Updated At-14 Nov, 2025 | 18:22
Rejected At-
Credits

Authentication Bypass in Turkguven's Perfektive

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue affects Perfektive: before Version: 12574 Build: 2701.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TR-CERT
Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At:11 Nov, 2025 | 12:42
Updated At:14 Nov, 2025 | 18:22
Rejected At:
▼CVE Numbering Authority (CNA)
Authentication Bypass in Turkguven's Perfektive

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue affects Perfektive: before Version: 12574 Build: 2701.

Affected Products
Vendor
Turkguven Software Technologies Inc.
Product
Perfektive
Default Status
unaffected
Versions
Affected
  • From 0 before Version: 12574 Build: 2701 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307 Improper Restriction of Excessive Authentication Attempts
CWECWE-602CWE-602 Client-Side Enforcement of Server-Side Security
CWECWE-807CWE-807 Reliance on Untrusted Inputs in a Security Decision
Type: CWE
CWE ID: CWE-307
Description: CWE-307 Improper Restriction of Excessive Authentication Attempts
Type: CWE
CWE ID: CWE-602
Description: CWE-602 Client-Side Enforcement of Server-Side Security
Type: CWE
CWE ID: CWE-807
Description: CWE-807 Reliance on Untrusted Inputs in a Security Decision
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-112CAPEC-112 Brute Force
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC-554CAPEC-554 Functionality Bypass
CAPEC ID: CAPEC-112
Description: CAPEC-112 Brute Force
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-554
Description: CAPEC-554 Functionality Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Ferit ÖZNER
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usom.gov.tr/bildirim/tr-25-0387
N/A
Hyperlink: https://www.usom.gov.tr/bildirim/tr-25-0387
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:iletisim@usom.gov.tr
Published At:11 Nov, 2025 | 13:15
Updated At:12 Nov, 2025 | 16:19

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue affects Perfektive: before Version: 12574 Build: 2701.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-307Primaryiletisim@usom.gov.tr
CWE-602Primaryiletisim@usom.gov.tr
CWE-807Primaryiletisim@usom.gov.tr
CWE ID: CWE-307
Type: Primary
Source: iletisim@usom.gov.tr
CWE ID: CWE-602
Type: Primary
Source: iletisim@usom.gov.tr
CWE ID: CWE-807
Type: Primary
Source: iletisim@usom.gov.tr
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.usom.gov.tr/bildirim/tr-25-0387iletisim@usom.gov.tr
N/A
Hyperlink: https://www.usom.gov.tr/bildirim/tr-25-0387
Source: iletisim@usom.gov.tr
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2019-20881
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 16:29
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-3412
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.15% / 36.06%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 13:47
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-3scale3scale_api_management3Scale
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-45582
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.57%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:05
Updated-30 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to  perform a brute force attack on the affected endpoints via repeated login attempts.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailFortiMail
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-49810
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.85%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 15:48
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.

Action-Not Available
Vendor-wwbnWWBN
Product-avideoAVideo
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
Details not found