CNNVD-202510-3525 Information
CNNVD ID
CNNVD-202510-3525
Related CVE
- CNNVD Published: 2025-10-27
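Description (Chinese, translated)
Rocket TRUfusion Enterprise is a product lifecycle management platform from the US company Rocket. Rocket TRUfusion Enterprise 7.10.4.0 and earlier versions contain a security vulnerability. It stems from input to the /trufusionPortal/getCobrandingData endpoint not being properly sanitized, which may lead to path traversal attacks and data disclosure.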
Description (English)
Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket, a US company. Rocket TRUfusion Enterprise 7.10.4.0 and earlier versions have a security vulnerability: the /trufusionPortal/getCobrandingData endpoint does not properly sanitize its input, which may lead to path traversal attacks and data leakage.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Rocket
Published
2025-10-27
Last Modified
2026-02-24
References
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27222.txt
https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise/
https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise
https://access.redhat.com/security/cve/cve-2025-27222