CVE-2025-12008HIGH 8.8EPSS p15.1%

CVE-2025-12008CVE-2025-12008

Description

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.24% probability of exploitation · percentile 15.1% · 2026-06-18T12:00:27Z
Published2026-05-14
Last modified2026-05-14

Underlying weaknesses· 1

CWE-639

References

  1. https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0238

1

TypeTargetConfidenceTier
WeaknessAuthorization Bypass Through User-Controlled Keycwe-6390%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8886
CVE
CVE-2025-8887
CVE
CVE-2024-1107
CVE
CVE-2025-9342
CVE
CVE-2025-10912
CVE
CVE-2025-7355
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.