CVE-2025-10174

Severity: High

Published: 11 February 2026
Modified: 05 June 2026
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
EPSS Score: 0.0012 (2.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-10174 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Gov (inferred from references). Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE is ranked at the 2.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-10174 is a Cleartext Transmission of Sensitive Information vulnerability (CWE-319) in Pan Software & Information Technologies Ltd.'s PanCafe Pro software. This issue affects PanCafe Pro versions from below 3.3.2 through 23092025 and enables Flooding. The vulnerability has a CVSS v3.1 base score of 8.3 (High), reflecting an adjacent-network attack vector (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), low integrity impact (I:L), and high availability impact (A:H).

An adjacent network attacker can exploit CVE-2025-10174 without privileges or user interaction. Exploitation allows disclosure of sensitive information transmitted in cleartext, partial modification of data or resources (low integrity impact), and significant disruption of service through flooding (high availability impact).

The advisory at https://www.usom.gov.tr/bildirim/tr-26-0058 provides additional details on this vulnerability.

Vulnerability details

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1040: Network Sniffing (tactic: Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1498: Network Denial of Service (tactic: Impact)
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.

Why these techniques?

Cleartext sensitive data on an adjacent network directly enables sniffing (T1040); the explicit flooding impact enables network DoS (T1498).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67159 (shared CWE-319)
CVE-2025-13718 (shared CWE-319)
CVE-2026-30796 (shared CWE-319)
CVE-2024-36558 (shared CWE-319)
CVE-2026-30795 (shared CWE-319)
CVE-2026-23661 (shared CWE-319)
CVE-2025-70048 (shared CWE-319)
CVE-2025-1060 (shared CWE-319)
CVE-2025-0556 (shared CWE-319)
CVE-2024-44276 (shared CWE-319)

Affected Assets

Gov
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly enforces cryptographic protection to prevent disclosure and modification of sensitive information transmitted in cleartext over adjacent networks.

Prevent: Protects against flooding attacks that cause high availability impact by limiting denial-of-service effects from adjacent network attackers.

Prevent: Remediates the specific software flaw in PanCafe Pro versions below 3.3.2 through 23092025 by applying vendor patches or updates.
