cvedb.io
CVE-2025-69288
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2025-12-31T22:15:49.410 · Last modified 2026-06-17T10:00:26.077

Summary

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.

Affected products

kromit — titra

Does this affect you?

Add your gear to cvedb and we'll alert you only when kromit ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.