Unrated severity · NVD Advisory · Published Oct 27, 2025 · Updated Oct 27, 2025
CVE-2025-27222
Description
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself.
Affected products
- TRUfusion/TRUfusion Enterprise
- Range: <=7.10.4.0