Authorization Bypass Vulnerability in AHE Mobile by Anadolu Hayat Emeklilik Inc.
CVE-2025-9342

6.5MEDIUM

Key Information:

Vendor: Anadolu Hayat Emeklilik Inc.
Status: Ahe Mobile
Vendor: CVE Published:; 23 September 2025

🔔 Create Anadolu Hayat Emeklilik Inc. Vulnerability Alert

What is CVE-2025-9342?

A vulnerability in AHE Mobile by Anadolu Hayat Emeklilik Inc. allows attackers to bypass authorization through user-controlled keys, resulting in potential privilege abuse. Affected versions include AHE Mobile versions prior to 1.9.9. Organizations using these versions should implement updates immediately to mitigate risks associated with unauthorized access.

Affected Version(s)

AHE Mobile 1.9.7 < 1.9.9

References

https://www.usom.gov.tr/bildirim/tr-25-0287

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

Veli Oğuzcan AKDAĞ

JSON