Unrated severityNVD Advisory· Published Oct 27, 2025· Updated Oct 28, 2025
CVE-2025-27223
CVE-2025-27223
Description
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to sensitive internal information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- TRUfusion/TRUfusion Enterprisedescription
- Range: <=7.10.4.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.