CNNVD-202510-3524 Information

CNNVD ID

CNNVD-202510-3524

CVE-2025-27223

  • CNNVD Published: 2025-10-27

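Description (translated from Chinese)

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket, a US company. Rocket TRUfusion Enterprise 7.10.4.0 and earlier versions contain a security vulnerability that stems from the use of a static key to create encrypted cookies, which could allow cookies to be forged and sensitive internal information to be accessed.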

Description (English)

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket, a US company. Rocket TRUfusion Enterprise 7.10.0 and earlier versions contain a security vulnerability that stems from the use of static keys to create encrypted cookies, which could allow cookies to be forged and sensitive internal information to be accessed.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Rocket

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27223.txt
  • https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise/
  • https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
  • https://access.redhat.com/security/cve/cve-2025-27223

Patch

https://new.trufusion.com/
