CVE-2025-8861
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| changing | tsa | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8861 is a critical vulnerability in Changing's TSA product caused by missing authentication. This flaw allows unauthenticated remote attackers to access the system over the network and read, modify, or delete database contents without any privileges or user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact you by compromising the confidentiality, integrity, and availability of your database. Attackers can remotely read sensitive data, alter it, or delete it entirely, potentially causing data loss, corruption, or unauthorized data disclosure. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step is to contact the vendor to confirm the availability of a fix or patch for the vulnerability. Ensure that your TSA product version is updated to a version released after February 6, 2025, which presumably addresses this missing authentication issue. [1, 2]