CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-54943

CVSS 9.3v4.0pub. 2025-08-30upd. 2026-01-30

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Sun.net Ehrd Ctms

    APP
    Sun.Net
    < 10.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-54942CRITICAL9.3PL ✓ten sam produkt

Brak uwierzytelnienia w SUNNET CTMS — dostęp do funkcji wdrożeniowych

CVE-2025-54945CRITICAL10.0PL ✓ten sam produkt

RCE poprzez external control of file path w SUNNET CTMS

CVE-2025-54946CRITICAL9.3PL ✓ten sam produkt

SQL Injection w SUNNET Corporate Training Management System

CVE-2024-10440CRITICAL9.8PL ✓ten sam produkt

SQL Injection w eHDR CTMS (Sunnet) umożliwia nieautoryzowany dostęp do bazy

CVE-2026-7489HIGH8.7ten sam produkt

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject ...