CVE-2025-9846

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile7.32th

PublishedSep 23, 2025

Last ModifiedJun 5, 2026

Vulnerability Description

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0288

🔗 https://www.usom.gov.tr/bildirim/tr-25-0288

Related Vulnerabilities

CVE-2025-428510.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technol...

CVE-2025-437810.0

Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile ...

CVE-2025-524310.0

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command In...

CVE-2025-958810.0

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archivin...