CVE-2025-27631

Medium

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and…

Hitachi Energy·CWE-90·Published 2025-03-25

CVSS

6.5

EPSS

0.00

KEV

Exploits

Vendor statements (1)

publisher.hitachienergy.com

cve.orgen

204 chars

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.

NVDes

224 chars

La aplicación web TRMTracker es vulnerable a ataques de inyección LDAP que potencialmente permiten a un atacante inyectar código en una consulta y ejecutar comandos remotos que pueden leer y actualizar datos en el sitio web.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N