CNNVD-202510-3522 Information

CNNVD ID

CNNVD-202510-3522

CVE-2025-27225

  • CNNVD Published: 2025-10-27

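Description (translated from Chinese)

Rocket TRUfusion Enterprise is a product lifecycle management platform from the US company Rocket. Rocket TRUfusion Enterprise 7.10.4.0 and earlier versions contain a security vulnerability that stems from an internal management endpoint being exposed to unauthenticated users, which may lead to disclosure of sensitive information.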

Description (English)

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket, a US company. Rocket TRUfusion Enterprise 7.10.0 and earlier versions contain a security vulnerability that stems from an internal management endpoint being exposed to unauthenticated users, which may lead to disclosure of sensitive information.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Rocket

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27225.txt
  • https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise/
  • https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
  • https://access.redhat.com/security/cve/cve-2025-27225

Patch

https://new.trufusion.com/
