CVE-2025-54942
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-30
Last updated on: 2025-09-25
Assigner: ZUSO Advanced Research Team (ZUSO ART)
Description
Description
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sun.net | ehrd_ctms | to 10.11 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authentication for a critical function in the SUNNET Corporate Training Management System versions before 10.11. It allows remote attackers to access deployment functionality without needing to authenticate first.
How can this vulnerability impact me? :
Because attackers can access deployment functionality without authentication, they could potentially manipulate or disrupt the deployment process, leading to unauthorized changes, data compromise, or system instability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70