CVE-2025-55077
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-09-23
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tylertech | erp_pro_9 | 2025-08-01 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-NVD-CWE-noinfo | |
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application sandbox and execute limited operating system commands on the remote Microsoft Windows environment with the privileges of the authenticated user.
How can this vulnerability impact me? :
An attacker who is authenticated can execute limited OS commands on the remote Windows environment, potentially leading to unauthorized actions or access within the system at the level of the authenticated user.
What immediate steps should I take to mitigate this vulnerability?
Apply the hardened remote Windows environment settings deployed by Tyler Technologies to all ERP Pro 9 SaaS customer environments as of 2025-08-01.