📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Artificial Intelligence and Technology HIGH 22m Global general Technology and Artificial Intelligence MEDIUM 3h Global general Technology and Artificial Intelligence HIGH 4h Global vulnerability Higher Education CRITICAL 13h Global data_breach Government HIGH 14h Global supply_chain Software Development and Open Source Communities CRITICAL 14h Global malware Software Development CRITICAL 14h Global phishing Multiple Sectors HIGH 15h Global vulnerability Web Applications CRITICAL 16h Global apt Critical Infrastructure CRITICAL 16h Global vulnerability Artificial Intelligence and Technology HIGH 22m Global general Technology and Artificial Intelligence MEDIUM 3h Global general Technology and Artificial Intelligence HIGH 4h Global vulnerability Higher Education CRITICAL 13h Global data_breach Government HIGH 14h Global supply_chain Software Development and Open Source Communities CRITICAL 14h Global malware Software Development CRITICAL 14h Global phishing Multiple Sectors HIGH 15h Global vulnerability Web Applications CRITICAL 16h Global apt Critical Infrastructure CRITICAL 16h Global vulnerability Artificial Intelligence and Technology HIGH 22m Global general Technology and Artificial Intelligence MEDIUM 3h Global general Technology and Artificial Intelligence HIGH 4h Global vulnerability Higher Education CRITICAL 13h Global data_breach Government HIGH 14h Global supply_chain Software Development and Open Source Communities CRITICAL 14h Global malware Software Development CRITICAL 14h Global phishing Multiple Sectors HIGH 15h Global vulnerability Web Applications CRITICAL 16h Global apt Critical Infrastructure CRITICAL 16h
Vulnerabilities

CVE-2025-8590

High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 070
CWE-200 — Weakness Type
Published: Feb 3, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.5
🔗 NVD Official
📄 Description (English)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.

🤖 AI Executive Summary

CVE-2025-8590 is a directory indexing vulnerability in AKCE Software Technology's SKSPro product that exposes sensitive information to unauthorized actors. With a CVSS score of 7.5, this vulnerability allows attackers to enumerate and access files and directories that should be restricted. The vulnerability affects SKSPro versions through 07012026, and while no public exploit is currently available, the high severity rating and information disclosure nature make immediate patching critical for affected organizations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 23:36
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using SKSPro, particularly in government agencies (NCA, CITC), banking sector (SAMA-regulated institutions), healthcare facilities, and energy companies that may utilize this software for document management or web services. Directory indexing vulnerabilities can expose confidential business documents, personal data, system configuration files, and credentials. Organizations in the Kingdom relying on SKSPro for sensitive operations face potential data breaches, regulatory non-compliance with SAMA and NCA requirements, and reputational damage.
🏢 Affected Saudi Sectors
Government (NCA, CITC, Ministry of Interior) Banking and Financial Services (SAMA-regulated) Healthcare (MOH facilities) Energy (ARAMCO, utilities) Telecommunications (STC, Mobily) Education E-commerce and Retail
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:

   - Identify all systems running SKSPro and document their versions

   - Disable directory indexing at the web server level (Apache/IIS configuration)

   - Implement .htaccess or web.config rules to prevent directory listing

   - Restrict access to sensitive directories using firewall rules and access controls



2. PATCHING:

   - Apply the latest SKSPro patch immediately (versions after 07012026)

   - Test patches in non-production environments first

   - Schedule patching during maintenance windows with minimal business impact



3. COMPENSATING CONTROLS:

   - Configure web server to return 403 Forbidden for directory requests

   - Implement Web Application Firewall (WAF) rules to block directory enumeration attempts

   - Enable detailed logging and monitoring of directory access attempts

   - Conduct file system audit to identify exposed sensitive files



4. DETECTION RULES:

   - Monitor HTTP requests with trailing slashes (/) to directories

   - Alert on 200 OK responses to directory requests

   - Track access to common sensitive paths (/admin, /config, /backup, /upload)

   - Log and analyze requests containing directory traversal patterns
🔧 خطوات المعالجة (العربية)
1. الإجراءات الفورية:

   - تحديد جميع الأنظمة التي تعمل بـ SKSPro وتوثيق إصداراتها

   - تعطيل فهرسة الدلائل على مستوى خادم الويب (إعدادات Apache/IIS)

   - تطبيق قواعد .htaccess أو web.config لمنع قائمة الدلائل

   - تقييد الوصول إلى الدلائل الحساسة باستخدام قواعد جدار الحماية والتحكم في الوصول



2. التصحيح:

   - تطبيق أحدث تصحيح SKSPro فوراً (الإصدارات بعد 07012026)

   - اختبار التصحيحات في بيئات غير الإنتاج أولاً

   - جدولة التصحيح خلال نوافذ الصيانة بأقل تأثير على العمل



3. الضوابط البديلة:

   - تكوين خادم الويب لإرجاع 403 Forbidden لطلبات الدلائل

   - تطبيق قواعد جدار تطبيقات الويب (WAF) لحظر محاولات تعداد الدلائل

   - تفعيل السجلات التفصيلية ومراقبة محاولات الوصول إلى الدلائل

   - إجراء تدقيق نظام الملفات لتحديد الملفات الحساسة المكشوفة



4. قواعد الكشف:

   - مراقبة طلبات HTTP مع شرطات مائلة (/) للدلائل

   - تنبيهات على استجابات 200 OK لطلبات الدلائل

   - تتبع الوصول إلى المسارات الحساسة الشائعة (/admin, /config, /backup, /upload)

   - تسجيل وتحليل الطلبات التي تحتوي على أنماط اجتياز الدلائل
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures ECC 2024 A.6.1.2 - Access Control and User Management ECC 2024 A.8.2.1 - Classification and Handling of Information Assets ECC 2024 A.12.4.1 - Event Logging and Monitoring
🔵 SAMA CSF
Governance & Risk Management - Information Security Risk Assessment Protective Security - Access Control and Authentication Protective Security - Data Protection and Privacy Detection & Response - Security Monitoring and Incident Detection
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security ISO 27001:2022 A.6.1 - Screening and Onboarding ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.2 - Privileged Access Rights ISO 27001:2022 A.8.3 - Information Access Restriction ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall Configuration Standards PCI DSS 2.1 - Default Passwords and Security Parameters PCI DSS 6.2 - Security Patches and Updates PCI DSS 10.2 - User Access Logging
📊 CVSS Score
7.5
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityN — None / Network
AvailabilityN — None / Network
📋 Quick Facts
Severity High
CVSS Score7.5
CWECWE-200
EPSS0.02%
Exploit No
Patch ✓ Yes
Published 2026-02-03
Source Feed nvd
Views 5
🇸🇦 Saudi Risk Score
7.8
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-200
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.