CVE-2025-8861
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-08-29

Assigner: TWCERT/CC

Description
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8861
EUVD
EUVD-2025-28806
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
changing tsa *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8861 is a critical vulnerability in Changing's TSA product caused by missing authentication. This flaw allows unauthenticated remote attackers to access the system over the network and read, modify, or delete database contents without any privileges or user interaction. [1, 2]

Impact Analysis

This vulnerability can severely impact you by compromising the confidentiality, integrity, and availability of your database. Attackers can remotely read sensitive data, alter it, or delete it entirely, potentially causing data loss, corruption, or unauthorized data disclosure. [1, 2]

Mitigation Strategies

The recommended immediate step is to contact the vendor to confirm the availability of a fix or patch for the vulnerability. Ensure that your TSA product version is updated to a version released after February 6, 2025, which presumably addresses this missing authentication issue. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart