Auth bypass in Rocketsoftware Trufusion_enterprise

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.

EPSS: 0.011 (60.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-25027?
CVE-2022-25027 is a high-severity vulnerability in Rocketsoftware Trufusion_enterprise, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 7.5/10. Published 2023-01-12.
How severe is CVE-2022-25027?
High severity. CVSS v3 base score is 7.5 out of 10.