CVE-2025-9986 in DIGIKENT

Summary

by MITRE • 02/11/2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.

Analysis

by VulDB Data Team • 02/11/2026

The vulnerability identified as CVE-2025-9986 represents a critical exposure of sensitive system information to unauthorized control spheres within the DIGIKENT platform developed by Vadi Corporate Information Systems Ltd. Co. This weakness allows malicious actors to gain access to system information that should remain restricted to authorized personnel only, creating a significant security risk for organizations relying on the DIGIKENT system. The vulnerability affects all versions of DIGIKENT through the specific build date of 13092025, indicating that the flaw has been present for an extended period and potentially exploited by threat actors.

The technical flaw underlying CVE-2025-9986 stems from inadequate access controls and information disclosure mechanisms within the DIGIKENT system architecture. This vulnerability falls under the CWE-200 category of "Information Exposure" and represents a direct violation of the principle of least privilege that should govern all system components. The system fails to properly validate access requests and authenticate users before granting access to sensitive system information, allowing unauthorized entities to retrieve data that could include system configurations, user credentials, network topology details, or other confidential operational parameters. The exposure occurs at the boundary between authorized and unauthorized control spheres, where proper security controls should prevent information leakage.

The operational impact of this vulnerability extends beyond simple information disclosure, creating cascading security risks that can lead to more severe compromises. Attackers exploiting this vulnerability can gather intelligence about the target environment, potentially identifying system weaknesses, network configurations, and operational procedures that can be leveraged for further attacks. This information can facilitate advanced persistent threat campaigns, lateral movement within networks, and privilege escalation attempts. The vulnerability enables adversaries to map the system landscape and understand the underlying infrastructure, which aligns with the ATT&CK technique T1082 for system information discovery and T1592 for vulnerability scanning. Organizations using DIGIKENT may experience unauthorized access to sensitive corporate data, system integrity compromise, and potential regulatory compliance violations that could result in significant financial and reputational damage.

Mitigation strategies for CVE-2025-9986 should prioritize immediate implementation of robust access control measures and information flow restrictions within the DIGIKENT system. Organizations must enforce strict authentication mechanisms, implement role-based access controls, and establish proper data classification policies to prevent unauthorized information exposure. The system should be updated with patches addressing the specific access control flaws, and network segmentation should be implemented to isolate sensitive system components. Security monitoring should be enhanced to detect unusual access patterns and information gathering activities that may indicate exploitation attempts. Additionally, regular security assessments and penetration testing should be conducted to identify similar vulnerabilities, with compliance verification against industry standards such as ISO 27001 and the NIST Cybersecurity Framework to ensure comprehensive protection against information disclosure threats.

Responsible: TR-CERT

Reservation: 09/04/2025

Disclosure: 02/11/2026

Moderation: accepted

CPE: ready

EPSS: 0.00046

KEV: no

Activities: very low
