Vulnerabilities

CVE-2025-27225

by Fred · 27/10/2025

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.

More information : https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27225.txt

Similar

Tags: Cybersecurity Alert