PT-2026-7988 · Universal Software · Flexcity/Kiosk
İbrahim Yi̇ği̇tsoy
·
Published
2026-02-13
·
Updated
2026-03-02
·
CVE-2025-14349
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36
Description
A flaw exists in Universal Software Inc. FlexCity/Kiosk that allows accessing functionality not properly constrained by Access Control Lists (ACLs), potentially leading to privilege escalation. The issue stems from privileges defined with unsafe actions and missing authentication for a critical function.
Recommendations
Update FlexCity/Kiosk to version 1.0.36 or later.
Fix
LPE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Flexcity/Kiosk