Remote Code Inclusion Vulnerability in TUBITAK Liderahenk Software
CVE-2025-7706

6.1MEDIUM

Key Information:

Vendor

Tubitak Bilgem Software Technologies Research Institute

Status
Liderahenk
Vendor
CVE Published:
17 February 2026

What is CVE-2025-7706?

A Missing Authentication for Critical Function vulnerability in TUBITAK's Liderahenk software allows for Remote Code Inclusion, enabling attackers to execute arbitrary code on systems running vulnerable versions. This vulnerability affects Liderahenk versions 3.0.0 through 3.3.1, prior to version 3.5.0, presenting a significant security concern for users and organizations utilizing this software. Prompt action is necessary to mitigate risks associated with this flaw.

Affected Version(s)

Liderahenk 3.0.0 to 3.3.1 < 3.5.0

References

https://www.usom.gov.tr/bildirim/tr-26-0069
third-party-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Edip ALHAZOURÄ°
.