Cyber Resilience

CVE-2025-11151

HighUpdated

Published: 21 October 2025

Published
21 October 2025
Modified
04 June 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0004 14.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11151 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Gov (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, ranked at the 14.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before…

more

V24.29500.1.0.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Gov
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-200 CWE-497

Review and removal of nonpublic information from publicly accessible systems directly prevents exposure of sensitive data to unauthorized actors.

addresses: CWE-200 CWE-497

Data mining protection mechanisms detect and block unauthorized bulk extraction of sensitive data, directly mitigating exposure to unauthorized actors.

addresses: CWE-200 CWE-497

Documenting information locations and authorized users enables better protection against unauthorized exposure of sensitive data.

addresses: CWE-200 CWE-497

Shielding or other emanation protections directly prevent sensitive information from reaching unauthorized actors via electromagnetic signals.

addresses: CWE-200 CWE-497

Minimizing PII in testing/training/research directly reduces the volume of sensitive data present in environments where it could be exposed to unauthorized actors.

addresses: CWE-200 CWE-497

Categorization identifies sensitive data so that confidentiality protections commensurate with impact level are selected and documented.

addresses: CWE-200 CWE-497

Concealment techniques directly prevent real sensitive data from being exposed to adversaries.

addresses: CWE-200 CWE-497

Restricts error message visibility to authorized recipients, directly reducing unauthorized exposure of sensitive information.

References