CVE-2025-15024

RCE in Yordam Informatics' Library Automation System

CVSS 8.8 HIGHEPSS 0.2%CWE-94

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. · Library Automation System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240