CVE-2025-8855 PUBLISHED

2FA Expiry Bypass in Optimus Software's Brokerage Automation

Assigner: TR-CERT
Reserved: 11.08.2025 Published: 14.11.2025 Updated: 14.11.2025

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information.This issue affects Brokerage Automation: before 1.1.71.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Optimus Software
Product	Brokerage Automation
Versions	Default: unaffected affected from 0 to 1.1.71 (excl.)

Credits

Can Nesimi ARI finder

References

https://www.usom.gov.tr/bildirim/tr-25-0396

Problem Types

CWE-639 Authorization Bypass Through User-Controlled Key CWE
CWE-640 Weak Password Recovery Mechanism for Forgotten Password CWE
CWE-302 Authentication Bypass by Assumed-Immutable Data CWE

Impacts

CAPEC-22 Exploiting Trust in Client
CAPEC-115 Authentication Bypass
CAPEC-203 Manipulate Registry Information