Rocketsoftware Trufusion Enterprise — known CVE vulnerabilities
Every CVE whose affected-product data names Rocketsoftware Trufusion Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-59793 — CVSS 9.9 (critical): Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be…
CVE-2025-27224 — CVSS 9.8 (critical): TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't…
CVE-2025-27222 — CVSS 8.6 (high): TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application…
CVE-2025-27223 — CVSS 7.5 (high): TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as…
CVE-2022-25026 — CVSS 7.5 (high): A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on…
CVE-2025-27225 — CVSS 7.5 (high): TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users…
CVE-2022-25027 — CVSS 7.5 (high): The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access…
CVE-2025-32355 — CVSS 7.3 (high): Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a…