Home / Vulnerability Intelligence / CVE-2025-14349

CVE-2025-14349 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 13, 2026

Universal Software Inc. FlexCity/Kiosk - Broken Access Control

Published: February 13, 2026Updated: February 13, 2026Remote Exploitable

Overview

Universal Software Inc. FlexCity/Kiosk >= 1.0 and < 1.0.36 contains a broken access control caused by missing authentication and unsafe privilege definitions, letting attackers escalate privileges and access unauthorized functionality, exploit requires no special conditions.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 5.0%(Probability of exploitation in next 30 days)

Impact

Attackers can escalate privileges and access unauthorized functionality, potentially compromising system integrity.

Mitigation

Upgrade to version 1.0.36 or later.

References

https://www.usom.gov.tr/bildirim/tr-26-0065

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 13, 2026

🟠 CVE-2025-14349 - High (8.8) Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects Fl... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14349/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-14349
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 5.0%
Social Posts: 1

CWE

CWE-267

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.0%Probability of exploitation in the next 30 days