{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1928", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-03-04T11:45:39.525Z", "datePublished": "2025-12-19T12:08:35.180Z", "dateUpdated": "2026-06-06T06:24:59.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-06T06:24:59.295Z"}, "title": "Improper Authentication in Restajet's Online Food Delivery System", "datePublic": "2025-12-19T12:02:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-50", "descriptions": [{"lang": "en", "value": "CAPEC-50 Password Recovery Exploitation"}]}], "affected": [{"vendor": "Restajet Information Technologies Inc.", "product": "Online Food Delivery System", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "19122025", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.\n\nThis issue affects Online Food Delivery System: through 19122025.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.<p>This issue affects Online Food Delivery System: through 19122025.&nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0469", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0469", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Berat ARSLAN", "type": "finder"}], "source": {"defect": ["TR-25-0469"], "advisory": "TR-25-0469", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-19T13:53:31.375709Z", "id": "CVE-2025-1928", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T13:53:52.828Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1928", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-19T13:53:31.375709Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T13:53:43.904Z"}}], "cna": {"title": "Improper Authentication in Restajet's Online Food Delivery System", "source": {"defect": ["TR-25-0469"], "advisory": "TR-25-0469", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "impacts": [{"capecId": "CAPEC-50", "descriptions": [{"lang": "en", "value": "CAPEC-50 Password Recovery Exploitation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Restajet Information Technologies Inc.", "product": "Online Food Delivery System", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "19122025"}], "defaultStatus": "unknown"}], "datePublic": "2025-12-19T12:02:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0469", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0469", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.\n\nThis issue affects Online Food Delivery System: through 19122025.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.<p>This issue affects Online Food Delivery System: through 19122025.&nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-06T06:24:59.295Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1928", "state": "PUBLISHED", "dateUpdated": "2026-06-06T06:24:59.295Z", "dateReserved": "2025-03-04T11:45:39.525Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-12-19T12:08:35.180Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:restajet:online_food_delivery_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9645287-A3CA-4036-B2DB-513F54F58AE6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.\n\nThis issue affects Online Food Delivery System: through 19122025.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en el sistema de entrega de comida en l\u00ednea de Restajet Information Technologies Inc. permite la explotaci\u00f3n de recuperaci\u00f3n de contrase\u00f1a. Este problema afecta al sistema de entrega de comida en l\u00ednea: hasta el 19122025. NOTA: Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2025-1928", "lastModified": "2026-06-06T08:16:50.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}, "published": "2025-12-19T13:16:03.313", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0469"}, {"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-25-0469"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}

{}

{"created": "2025-12-21T21:12:57.910946+00:00", "updated": "2025-12-21T21:12:57.910972+00:00", "vendors": ["restajet", "restajet$PRODUCT$online_food_delivery_system"]}