PT-2025-40350 · Rocketsoftware · Trufusion Enterprise

Published 2025-10-02 · Updated 2025-10-27 · CVE-2025-27225

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TRUfusion Enterprise versions through 7.10.4.0

Description

TRUfusion Enterprise through version 7.10.4.0 has an endpoint, /trufusionPortal/jsp/internal admin contact login.jsp, accessible to unauthenticated users. This allows attackers to access sensitive internal information, including Personally Identifiable Information (PII).

Recommendations

Versions prior to 7.10.4.0 should be updated.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-27225

Affected Products

Trufusion Enterprise