Authorization Bypass Vulnerability in Yaay Social Media App by APPYAP Technology
CVE-2025-12008

8.8 HIGH

What is CVE-2025-12008?

The Yaay Social Media App by APPYAP Technology and Information Inc. contains a vulnerability that allows unauthorized access because its Access Control Lists (ACLs) are improperly constrained. The weakness stems from a user-controlled key, which can be exploited to bypass authorization checks and gives users access to functionality that should be restricted. The issue affects versions from 3.8.0 to 24102025; affected installations should be updated promptly to protect user data and application integrity.

Affected Version(s)

Yaay Social Media App 3.8.0 <= 24102025

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aybora ÜNVEREN