CVE-2025-27223

Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0

Description The application uses a static key to encrypt the COOKIEID, which serves as an authentication mechanism for certain endpoints, such as /trufusionPortal/getProjectList. This allows for the forging of cookies, potentially granting unauthorized access to sensitive internal information.

Recommendations Versions prior to 7.10.4.0 should be updated.