CVE-2025-27223 | Rocket TRUfusion Enterprise up to 7.10.4.0 getProjectList COOKIEID hard-coded key

October 28, 2025 Yanac

A vulnerability, which was classified as critical, was found in Rocket TRUfusion Enterprise up to 7.10.4.0. This affects an unknown part of the file /trufusionPortal/getProjectList. Executing manipulation of the argument COOKIEID can lead to use of hard-coded cryptographic key
.

This vulnerability appears as CVE-2025-27223. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More