Privilege Abuse Vulnerability in Beamsec's PhishPro Software
CVE-2025-5997

8.8HIGH

Key Information:

Vendor: Beamsec
Status: PhisHPro
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-5997?

An issue has been identified in Beamsec's PhishPro software, where an improper use of privileged APIs can lead to privilege abuse. This vulnerability primarily affects versions prior to 7.5.4.2. Users may find that unauthorized parties can exploit these API calls, potentially gaining access to sensitive information or functionalities that should be restricted. It is crucial for users to update their software to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

PhishPro 0 < 7.5.4.1

References

https://www.usom.gov.tr/bildirim/tr-25-0181

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Musa Atalay

Directorate General of Civil Aviation