CNNVD-202602-2292 Information

Feb 13, 2026 cve

CNNVD ID

CNNVD-202602-2292

CVE-2025-14349

  • CNNVD Published: 2026-02-13

Description (Chinese)

Universal FlexCity/Kiosk是土耳其Universal公司的一个智慧城市自助服务终端个系统。 Universal FlexCity/Kiosk 1.0.36之前版本存在访问控制错误漏洞,该漏洞源于特权定义包含不安全操作以及对关键功能缺少身份验证,可能导致访问控制列表未正确约束的功能和权限提升。

Description (English)

Universal FlexCity/Kisk is an intelligent municipal self-service terminal system of Universal Turkey. Prior to the version of Universal FlexCity/Kiosk 1.0.36, there was a bug in access control, which stemmed from the fact that the definition of privileges contained unsafe operations and the lack of authentication of critical functions, which could lead to the enhancement of functions and privileges that were not correctly bound by the access control list.

Hazard Level

Medium

Vulnerability Type

访问控制错误

Affected Vendor

Universal

Published

2026-02-13

Last Modified

2026-02-24

References

https://www.usom.gov.tr/bildirim/tr-26-0065

Patch

https://www.uni-yaz.com/

Share on: