CVE-2025-54943

Published: Aug 30, 2025Modified: Jan 30, 2026

9.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ART@zuso.ai (Secondary)

Description

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

Affected (1)

Products: Sun.net: Ehrd Ctms

Sun.net

1 product

Ehrd Ctms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun.net Ehrd Ctms	Before 10.11

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

https://zuso.ai/advisory/za-2025-11

Source: ART@zuso.ai

Timeline

No history available yet.