Refine your search
1 vulnerability found for by kromitgmbh
CVE-2025-69288 (GCVE-0-2025-69288)
Vulnerability from cvelistv5
Published
2025-12-31 21:55
Modified
2026-01-02 14:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kromitgmbh | titra |
Version: < 0.99.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:16:04.622176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:35:24.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "titra",
"vendor": "kromitgmbh",
"versions": [
{
"status": "affected",
"version": "\u003c 0.99.49"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T21:55:44.667Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e"
},
{
"name": "https://github.com/kromitgmbh/titra/releases/tag/0.99.49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/releases/tag/0.99.49"
}
],
"source": {
"advisory": "GHSA-pqgx-6wg3-gmvr",
"discovery": "UNKNOWN"
},
"title": "Titra has Remote Code Execution in Admin Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-69288",
"datePublished": "2025-12-31T21:55:44.667Z",
"dateReserved": "2025-12-31T16:39:43.832Z",
"dateUpdated": "2026-01-02T14:35:24.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}