Authorization Bypass Vulnerability in Akinsoft OctoCloud
CVE-2025-0640

4.7MEDIUM

Key Information:

Vendor: Akinsoft
Status: Octocloud
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-0640?

A vulnerability present in Akinsoft's OctoCloud allows for an authorization bypass through a user-controlled key. This flaw can lead to resource leak exposure, potentially compromising sensitive data and system integrity. The affected versions range from s1.09.02 to below v1.11.01, highlighting the need for prompt updates and security assessments to mitigate risks associated with unauthorized access.

Affected Version(s)

OctoCloud s1.09.02

References

https://www.usom.gov.tr/bildirim/tr-25-0203

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Berat ARSLAN