CVE-2025-8590

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthorized actors to access directory listings in AKCE Software Technology's SKSPro software, potentially exposing sensitive file information. All SKSPro installations through version 07012026 are affected by this directory indexing flaw.

💻 Affected Systems

Products:
  • AKCE Software Technology R&D Industry and Trade Inc. SKSPro
Versions: through 07012026
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configuration appear vulnerable. Specific OS requirements not documented in CVE.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could discover and download sensitive configuration files, credentials, or proprietary data through exposed directory listings, leading to full system compromise.

🟠

Likely Case

Unauthenticated attackers can enumerate directory structures and potentially access sensitive files that shouldn't be publicly accessible.

🟢

If Mitigated

With proper web server hardening and access controls, directory indexing would be disabled, preventing information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory indexing vulnerabilities typically require no authentication and are trivial to exploit using standard web browsers or tools like curl.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-26-0011

Restart Required: No

Instructions:

1. Check vendor advisory for updates.
2. Upgrade to version after 07012026 when available.
3. Apply vendor-recommended configuration changes.

🔧 Temporary Workarounds

Disable Directory Indexing

Platform: all

Configure the web server to disable automatic directory listing:

For Apache: 'Options -Indexes' in .htaccess or httpd.conf
For Nginx: 'autoindex off;' in server block

Restrict Access with Web Application Firewall

Platform: all

Block requests that attempt directory traversal or listing

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to SKSPro instances
  • Deploy web application firewall with rules to detect and block directory indexing attempts

🔍 How to Verify

Check if Vulnerable:

Access SKSPro web interface and attempt to navigate to directories without index files (e.g., /images/, /docs/) to see if directory listing is displayed.

Check Version:

Check SKSPro administration panel or configuration files for version information

Verify Fix Applied:

After applying fixes, verify that requests for directory paths return 403 Forbidden or a custom error page instead of a file listing.
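The vulnerable/fixed check above can be scripted. The following is an added example (not code from the page or from the vendor): it classifies an HTTP response as an auto-generated directory listing by looking for the markers Apache mod_autoindex and nginx autoindex typically emit ("Index of /", a "Parent Directory" or "../" link). The web server SKSPro runs on is not documented in the CVE, so those markers are an assumption; the fetcher is injected so the check runs offline against constructed sample responses and can be wired to a real HTTP client by the reader.

```python
import re
from typing import Callable, Dict, List, Tuple

# Heuristic markers of auto-generated directory indexes (assumed Apache/nginx
# style output; adjust if SKSPro's web server renders listings differently).
LISTING_MARKERS = (
    re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE),
    re.compile(r"<h1>\s*Index of\s+/", re.IGNORECASE),
    re.compile(r'href="\.\./"', re.IGNORECASE),
    re.compile(r"Parent Directory", re.IGNORECASE),
)

Response = Tuple[int, str, str]      # (status_code, content_type, body)
Fetcher = Callable[[str], Response]  # path -> Response


def looks_like_directory_listing(status: int, content_type: str, body: str) -> bool:
    """True when a response appears to be an auto-generated directory index."""
    if status != 200:
        return False
    if "html" not in content_type.lower():
        return False
    return any(pattern.search(body) for pattern in LISTING_MARKERS)


def check_paths(fetch: Fetcher, paths: List[str]) -> Dict[str, str]:
    """Classify each path as 'listing', 'blocked' (403/404) or 'other'.

    `fetch` is injected so the check can run against the constructed
    responses below or against a real server via the reader's HTTP client.
    """
    results: Dict[str, str] = {}
    for path in paths:
        status, content_type, body = fetch(path)
        if looks_like_directory_listing(status, content_type, body):
            results[path] = "listing"
        elif status in (403, 404):
            results[path] = "blocked"
        else:
            results[path] = "other"
    return results


# Constructed sample responses (hypothetical; not captured from any real host).
SAMPLE_RESPONSES: Dict[str, Response] = {
    "/images/": (
        200,
        "text/html; charset=UTF-8",
        '<html><head><title>Index of /images</title></head><body>'
        '<h1>Index of /images</h1><a href="../">Parent Directory</a>'
        '<a href="logo.png">logo.png</a></body></html>',
    ),
    "/docs/": (403, "text/html", "<html><body><h1>403 Forbidden</h1></body></html>"),
    "/": (200, "text/html", "<html><head><title>SKSPro Login</title></head><body></body></html>"),
}


def sample_fetch(path: str) -> Response:
    """Offline fetcher: returns a constructed response, 404 for unknown paths."""
    return SAMPLE_RESPONSES.get(path, (404, "text/html", "Not Found"))


def run_sample_check() -> Dict[str, str]:
    """Run the check over the paths the advisory suggests plus a typical guess."""
    return check_paths(sample_fetch, ["/images/", "/docs/", "/", "/backup/"])


if __name__ == "__main__":
    for path, verdict in run_sample_check().items():
        print(f"{path:12} {verdict}")
```

A path reported as "listing" before the fix and "blocked" afterwards confirms the server-level change took effect; a "listing" result after the fix means the directive was applied to the wrong virtual host or overridden by a more specific configuration block.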

📡 Detection & Monitoring

Log Indicators:

  • Multiple 200 OK responses to directory paths without index files
  • Requests for common directory names like /admin/, /backup/, /config/

Network Indicators:

  • HTTP requests ending with '/' returning directory listings
  • Unusual file enumeration patterns

SIEM Query:

web_access_logs | where status_code = 200 and url contains '/' and not url contains '.' and not url contains 'index'
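The log and network indicators above, implemented as an added example that is not part of the advisory: it parses combined-format access log lines, flags 200 responses to directory paths (trailing '/', no '.' in the path, site root excluded because it normally serves the application's own index), and reports client IPs that touched several distinct directory paths, which is the enumeration pattern the advisory describes. The log lines are constructed for the example; the threshold of three distinct paths is an assumption to tune per deployment.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Apache/nginx "combined" access-log format (first fields only are needed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log lines (hypothetical; not from a real SKSPro deployment).
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2026:10:00:01 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Jan/2026:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Jan/2026:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2026:10:05:00 +0000] "GET /images/ HTTP/1.1" 200 3511 "-" "curl/8.4.0"
198.51.100.7 - - [15/Jan/2026:10:05:01 +0000] "GET /docs/ HTTP/1.1" 200 2874 "-" "curl/8.4.0"
198.51.100.7 - - [15/Jan/2026:10:05:02 +0000] "GET /backup/ HTTP/1.1" 200 1990 "-" "curl/8.4.0"
198.51.100.7 - - [15/Jan/2026:10:05:03 +0000] "GET /config/ HTTP/1.1" 403 199 "-" "curl/8.4.0"
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    match = LOG_RE.match(line)
    if not match:
        return None
    entry = match.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_directory_request(path: str) -> bool:
    """Directory-style path: trailing '/', no '.', and not the site root."""
    path = path.split("?", 1)[0]
    return path != "/" and path.endswith("/") and "." not in path


def find_listing_candidates(log_text: str) -> List[dict]:
    """Entries that look like successful directory-listing responses (200 + directory path)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["status"] == 200 and is_directory_request(entry["path"]):
            hits.append(entry)
    return hits


def enumeration_sources(log_text: str, threshold: int = 3) -> Dict[str, int]:
    """Client IPs that requested at least `threshold` distinct directory paths,
    regardless of status, since blocked attempts (403) still show probing."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_directory_request(entry["path"]):
            seen[entry["ip"]].add(entry["path"].split("?", 1)[0])
    return {ip: len(paths) for ip, paths in seen.items() if len(paths) >= threshold}


if __name__ == "__main__":
    for hit in find_listing_candidates(SAMPLE_LOG):
        print(f"listing? {hit['ip']} {hit['path']} {hit['status']}")
    for ip, count in enumeration_sources(SAMPLE_LOG).items():
        print(f"enumeration: {ip} touched {count} directory paths")
```

A 200 to a directory path is only a candidate: an application may legitimately route such paths. Correlate with the response size (auto-generated listings grow with the directory's file count) or with the verification check before raising an incident, and treat a single source hitting many directory paths in quick succession as the stronger signal.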
