CVE-2025-11151 HIGH

CVE-2025-11151: Information Disclosure in Beyaz Computer's CityPLus

Vendor Beyaz Bilgisayar Software Design Industry And Trade Ltd. Co.

Product CityPLus

Weakness CWE-200 · Info exposure

Published October 21, 2025

Last update June 4, 2026

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.29500.1.0.

Key dates

02Disclosure timeline

October 21, 2025 CVE published

June 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11151

Related vulnerabilities

04Related CVE

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default) CVE-2024-29840 Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

Identifiers

CVE CVE-2025-11151

CWE CWE-200

CVSS 8.2 / HIGH

Affected versions

Vendor Beyaz Bilgisayar Software Design Industry And Trade Ltd. Co.

Product CityPLus

Affected < V24.29500.1.0