cvedb.io
CVE-2022-25027
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-01-12T23:15:09.910 · Last modified 2026-06-17T04:32:57.330

Summary

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.

Affected products

rocketsoftware — trufusion_enterprise

Does this affect you?

Add your gear to cvedb and we'll alert you only when rocketsoftware ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.