Security Advisory

CVE-2025-27225

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-27 00:00:00

Last updated 2025-10-27 18:51:30

Assigner mitre

State PUBLISHED

Description

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.

← Browse all CVEs View on cve.org ↗