CVE-2025-54942

CRITICAL

9.8

Description

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/30/2025

Derniere modification1/30/2026

Sourcenvd

Observations honeypot0

Produits affectes

sun.net:ehrd_ctms

Faiblesses (CWE)

CWE-306

References

https://zuso.ai/advisory/za-2025-10(ART@zuso.ai)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.