CVE-2025-15024: Yordam Library Automation System Code Injection
The National Vulnerability Database (NVD) has detailed CVE-2025-15024, a high-severity Improper Control of Generation of Code (‘Code Injection’) vulnerability impacting Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.’s Library Automation System. This flaw, with a CVSS v3.1 score of 8.8, allows for Remote Code Inclusion.
The vulnerability affects Library Automation System versions from 19.5 before 22.1. Attackers can leverage this weakness to execute arbitrary code remotely, potentially leading to full system compromise, data exfiltration, or service disruption. The CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates a network-exploitable vulnerability with low attack complexity, requiring user interaction, but resulting in high impacts to confidentiality, integrity, and availability.
This is a critical issue for any organization running the affected Yordam Library Automation System. Code injection vulnerabilities are a direct path to total control for an attacker. Defenders need to prioritize patching and understand that an attacker’s calculus here is straightforward: find an unpatched system, deliver malicious code, and establish persistence.
What This Means For You
- If your organization uses Yordam Library Automation System, you need to immediately identify your version and patch to v.22.1 or later. Prioritize this as a critical patching task, as remote code execution is a game-over scenario for any system.
Related ATT&CK Techniques
🛡️ Detection Rules
4 rules · 6 SIEM formats4 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Web Application Exploitation Attempt — CVE-2025-15024
title: Web Application Exploitation Attempt — CVE-2025-15024
id: scw-2026-05-14-1
status: experimental
level: high
description: |
Detects common exploitation patterns targeting web applications. Review CVE-2025-15024 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-05-14
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-15024/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- '..'
- 'SELECT'
- 'UNION'
- '<script'
- 'cmd='
- '/etc/passwd'
condition: selection
falsepositives:
- Legitimate activity from CVE-2025-15024
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-15024 | Code Injection | Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System |
| CVE-2025-15024 | Code Injection | Library Automation System versions from v.19.5 before v.22.1 |
| CVE-2025-15024 | RCE | Remote Code Inclusion |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-8621: Crabbox Authentication Bypass Allows Impersonation
CVE-2026-8621 — Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity...
CVE-2026-45375: Critical XSS in SiYuan Knowledge Management System
CVE-2026-45375 — SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a...
CVE-2026-45148 — SiYuan is an open-source personal knowledge management
CVE-2026-45148 — SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers...