Home

Description

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.

PUBLISHED Reserved 2025-02-20 | Published 2025-10-27 | Updated 2025-10-27 | Assigner mitre

References

www.rocketsoftware.com/...ration/rocket-trufusion-enterprise

www.rcesecurity.com/...nerabilities-in-trufusion-enterprise/

github.com/...advisories/blob/master/CVEs/CVE-2025-27225.txt

cve.org (CVE-2025-27225)

nvd.nist.gov (CVE-2025-27225)

Download JSON