CNNVD-202510-3523 Information

CNNVD ID

CNNVD-202510-3523

CVE-2025-27224

  • CNNVD Published: 2025-10-27

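Description (translated from Chinese)

Rocket TRUfusion Enterprise is a product lifecycle management platform from the US company Rocket. Rocket TRUfusion Enterprise 7.10.4.0 and earlier versions contain a security vulnerability caused by improper sanitization of input to the /trufusionPortal/fileupload endpoint, which may lead to path traversal attacks and arbitrary code execution.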

Description (English)

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket, a US company. Rocket TRUfusion Enterprise 7.10.0 and previous versions contain a security vulnerability that stems from improper sanitization of input to the /trufusionPortal/fileupload endpoint, which may lead to path traversal attacks and arbitrary code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Rocket

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27224.txt
  • https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise/
  • https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
  • https://access.redhat.com/security/cve/cve-2025-27224

Patch

https://new.trufusion.com/
