PT-2026-40908 · Unknown · Yaay Social Media App
Aybora Ünveren · Published 2026-05-14 · Updated 2026-05-14
CVE-2025-12008
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Yaay Social Media App versions 3.8.0 through 24102025
Description
An authorization bypass through a user-controlled key allows access to functionality that is not properly constrained by Access Control Lists (ACLs). ACLs are sets of rules that define the permissions users or systems have to access specific resources.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Yaay Social Media App