High severity7.5NVD Advisory· Published Jan 12, 2023· Updated Jun 17, 2026
CVE-2022-25027
CVE-2022-25027
Description
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Rocket TRUfusion Portal/Rocket TRUfusion Portaldescription
- Range: 7.9.2.1
Patches
Vulnerability mechanics
References
1- labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.