Cyber Posture

CVE-2025-2311

Critical

Published: 20 March 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: upgrade SecHard to 3.3.0.20220411 or later
CVSS Score: 9.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.4th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2311 is a critical-severity vulnerability in SecHard from Sechard Information Technologies, affecting versions before 3.3.0.20220411. NVD classifies it under three weaknesses: Cleartext Transmission of Sensitive Information (CWE-319), Insufficiently Protected Credentials (CWE-522) and Incorrect Use of Privileged APIs (CWE-648). Its CVSS v3.1 base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0001 places it at the 0.4th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation, i.e. applying the vendor fix), SC-8 (Transmission Confidentiality and Integrity) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 4 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates CVE-2025-2311 by requiring timely identification, reporting, and correction of software flaws; here that means upgrading SecHard to version 3.3.0.20220411 or later.

SC-8 Transmission Confidentiality and Integrity (prevent)

Prevents exploitation of cleartext transmission of sensitive information (CWE-319) by enforcing confidentiality and integrity protection (TLS) on network transmissions to and from the SecHard interface.

AC-6 Least Privilege (prevent)

Mitigates incorrect use of privileged APIs (CWE-648) and authentication abuse by restricting accounts and API clients to the minimum privileges necessary for their tasks, which limits what an attacker holding a low-privileged account (PR:L) can reach.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
T1556 Modify Authentication Process Defense Impairment
Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Authentication bypass and privileged-API misuse support T1068 (privilege escalation) and T1556 (tampering with the authentication process); credentials sent in cleartext or otherwise weakly protected map to T1552 (unsecured credentials) and T1040 (network sniffing); the information harvesting via API event monitoring described in the NVD entry corresponds to T1005 (collection of data from the local system).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0
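The SC-8 control and the T1040 mapping above both come down to one observable: authentication material crossing the wire unencrypted. The following detector is an added example, not code from this page or from Sechard, and it runs over a constructed set of reassembled client-to-server streams (the dict layout, host names, ports and credentials are all invented for the example). It flags HTTP Basic, Bearer and form-field credentials in plaintext HTTP while ignoring TLS streams, and it records only the user name and the secret's length, never the secret itself, so the findings can be shipped to a SIEM without recreating the exposure.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample of reassembled client->server streams (not captured from
# SecHard or any real system). Only the fields a Zeek/Suricata-style sensor
# would hand to a detector are kept.
SAMPLE_STREAMS = [
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": 80,
     "payload": (b"POST /api/login HTTP/1.1\r\n"
                 b"Host: mgmt.example.internal\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n"
                 b"Content-Length: 35\r\n\r\n"
                 b"username=admin&password=Winter2024!")},
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": 8080,
     "payload": (b"GET /api/events HTTP/1.1\r\n"
                 b"Host: mgmt.example.internal\r\n"
                 b"Authorization: Basic "
                 + base64.b64encode(b"svc-monitor:hunter2") + b"\r\n\r\n")},
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": 443,
     # TLS record header (handshake type 0x16); nothing readable follows.
     "payload": b"\x16\x03\x01\x00\xf4\x01\x00\x00\xf0\x03\x03" + b"\x00" * 32},
    {"src": "10.0.0.6", "dst": "10.0.0.10", "dport": 80,
     "payload": (b"GET /api/v1/hosts HTTP/1.1\r\n"
                 b"Host: mgmt.example.internal\r\n"
                 b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig\r\n\r\n")},
]

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"HEAD ", b"OPTIONS ")
USER_FIELDS = ("username", "user", "login", "email")
SECRET_FIELDS = ("password", "passwd", "pwd", "secret", "token", "api_key", "apikey")


def is_plaintext_http(payload):
    """A TLS stream starts with a 0x16 record byte, never with a method token."""
    return payload.startswith(HTTP_METHODS)


def find_cleartext_credentials(stream):
    """Return findings for one stream: authentication material that crossed the
    wire unencrypted. Secrets are never copied into a finding, only measured."""
    payload = stream["payload"]
    if not is_plaintext_http(payload):
        return []
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    where = {"request": lines[0], "dst": "%s:%d" % (stream["dst"], stream["dport"])}
    findings = []

    # Authorization header: Basic is user:password in base64, Bearer is a token.
    scheme, _, param = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            user, _, secret = base64.b64decode(param, validate=True).decode("utf-8").partition(":")
        except (ValueError, UnicodeDecodeError):
            user, secret = "<undecodable>", ""
        findings.append(dict(where, kind="http_basic", user=user, secret_len=len(secret)))
    elif scheme.lower() == "bearer" and param:
        findings.append(dict(where, kind="bearer_token", user=None, secret_len=len(param)))

    # Form-encoded login bodies: report any field whose name looks like a secret.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded") and body:
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        user = next((v[0] for k, v in form.items() if k.lower() in USER_FIELDS), None)
        for field, values in form.items():
            if field.lower() in SECRET_FIELDS:
                findings.append(dict(where, kind="form_" + field.lower(),
                                     user=user, secret_len=len(values[0])))
    return findings


def scan(streams):
    """Run the detector over every stream and tag each finding with its index."""
    results = []
    for index, stream in enumerate(streams):
        for finding in find_cleartext_credentials(stream):
            finding["stream"] = index
            results.append(finding)
    return results


if __name__ == "__main__":
    for finding in scan(SAMPLE_STREAMS):
        print(finding)
```

On the constructed sample the detector reports three findings (a form password for `admin`, Basic credentials for `svc-monitor`, and a bearer token) and nothing for the TLS stream. A single hit against a management interface such as SecHard's is enough to confirm the CWE-319 condition on the live network, independent of the version string, and to scope which accounts need credential rotation once the upgrade is applied.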

NVD Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.

Deeper analysis

CVE-2025-2311 is a vulnerability involving incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials in SecHard from Sechard Information Technologies. It affects versions of SecHard prior to 3.3.0.20220411 and enables authentication bypass, interface manipulation, authentication abuse, and harvesting information via API event monitoring. The vulnerability is associated with CWE-319 (cleartext transmission of sensitive information), CWE-522 (insufficiently protected credentials), and CWE-648 (incorrect use of privileged APIs), earning a CVSS v3.1 base score of 9.0.

Attackers can exploit this vulnerability from an adjacent network (AV:A) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). Successful exploitation changes the scope (S:C) and results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), allowing an adversary who already holds a low-privileged account on the same network segment as the SecHard interface to bypass authentication mechanisms, manipulate the interface, abuse authentication processes, and harvest sensitive information through API event monitoring. The AV:A and PR:L conditions are the practical levers until the patch is applied: keeping the management interface off user-reachable segments and pruning low-privileged accounts both raise the bar for the attacker.

Mitigation involves upgrading to SecHard version 3.3.0.20220411 or later, as the issue affects only prior versions. Additional details are available in the advisory at https://www.usom.gov.tr/bildirim/tr-25-0074.

Details

CWE(s)

CWE-319 Cleartext Transmission of Sensitive Information
CWE-522 Insufficiently Protected Credentials
CWE-648 Incorrect Use of Privileged APIs

Affected Products

Sechard Information Technologies SecHard, versions before 3.3.0.20220411
inferred from the NVD description and the USOM reference; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-32171 (shared CWE-522)
CVE-2025-0867 (shared CWE-522)
CVE-2025-58107 (shared CWE-319)
CVE-2025-69271 (shared CWE-522)
CVE-2026-41329 (shared CWE-648)
CVE-2026-33575 (shared CWE-522)
CVE-2026-23661 (shared CWE-319)
CVE-2025-13718 (shared CWE-319)
CVE-2025-69272 (shared CWE-319)
CVE-2026-35155 (shared CWE-522)

References

https://www.usom.gov.tr/bildirim/tr-25-0074 (USOM advisory TR-25-0074)