CVE-2025-63747
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-26
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| testmanagement | qatraq | 6.9.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-521 | The product does not require that users should have strong passwords. |
AI Powered Q&A
Can you explain this vulnerability to me?
QaTraq 6.9.2 includes default administrative account credentials that are enabled by default. This means that anyone who can access the web application login page can use these credentials to immediately gain administrative access without needing to bypass any security measures.
How can this vulnerability impact me?
This vulnerability allows an attacker to gain administrative access to the QaTraq application simply by reaching the login page, potentially leading to unauthorized control over the system, data exposure, or manipulation of application settings.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately change or disable the default administrative account credentials in QaTraq 6.9.2. Restrict access to the web application login page to trusted users or networks, and consider implementing additional authentication controls to prevent unauthorized administrative access.