CVE-2025-15023
Yordam Information · Library Automation System
An incorrect authorization vulnerability in the Yordam Library Automation System may allow unauthorized users to gain elevated privileges or access restricted system resources.
Executive summary
A critical authorization flaw in the Yordam Library Automation System could allow unauthenticated attackers to gain unauthorized access to restricted system functionality.
Vulnerability
The application incorrectly handles authorization checks (CWE-863), failing to properly restrict access to sensitive functions. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) confirms the vulnerability is remotely exploitable by an unauthenticated actor, subject to user interaction.
Business impact
This vulnerability allows attackers to bypass intended security boundaries, potentially granting them administrative or unauthorized access to the system. A CVSS score of 8.8 reflects the high severity, as such access could lead to mass data theft or permanent disruption of the library's digital services.
Remediation
Immediate Action: Upgrade the Yordam Library Automation System to version 22.1 or later.
Proactive Monitoring: Review audit logs for unauthorized access attempts or privilege escalation activity within the application.
Compensating Controls: Utilize network segmentation and access control lists (ACLs) to limit exposure of the application interface to untrusted networks.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The identified authorization flaw poses a significant risk to the security of the library system. It is imperative that all affected systems are updated to the latest version (22.1) to ensure proper authorization enforcement and to protect against unauthorized access.