CVE-2025-27222

8.6 HIGH

📋 TL;DR

CVE-2025-27222 is a path traversal vulnerability in TRUfusion Enterprise's /trufusionPortal/getCobrandingData endpoint that allows attackers to read arbitrary files on the server. This can expose sensitive data including cleartext passwords for the TRUfusion system itself. All TRUfusion Enterprise installations through version 7.10.4.0 are affected.

💻 Affected Systems

Products:
  • Rocket TRUfusion Enterprise
Versions: through 7.10.4.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the vulnerable endpoint are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of TRUfusion Enterprise credentials leading to full system takeover, exposure of all server files accessible to the TRUfusion user, and potential lateral movement to connected systems.

🟠 Likely Case

Exfiltration of sensitive configuration files, database credentials, and TRUfusion passwords enabling unauthorized access to business integration systems.

🟢 If Mitigated

Limited file access restricted by OS permissions, but still potential exposure of configuration files and credentials.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and is exploited simply by including path traversal sequences in requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise

Restart Required: No

Instructions:

Contact Rocket Software for patch availability and apply immediately when released. Monitor vendor communications for updates.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

Platforms: all

Restrict access to the /trufusionPortal/getCobrandingData endpoint using a web application firewall or network access controls.

Input Validation Filter

Platforms: all

Implement input validation to reject path traversal sequences (../, ..\, etc.) at the application or WAF layer.

🧯 If You Can't Patch

  • Isolate TRUfusion servers from internet access and restrict internal network access to authorized users only.
  • Implement strict file system permissions to limit what the TRUfusion service account can access.

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to /trufusionPortal/getCobrandingData with path traversal payloads such as ../../../../etc/passwd and checking whether the server returns the file contents.

Check Version:

Check TRUfusion Enterprise version in administration console or configuration files.

Verify Fix Applied:

Retest with same payloads after applying vendor patch or workarounds to confirm file access is blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /trufusionPortal/getCobrandingData containing ../ or ..\ sequences
  • Unusual file access patterns from the TRUfusion process

Network Indicators:

  • HTTP requests with path traversal patterns to the vulnerable endpoint
  • Unexpected file downloads from TRUfusion servers

SIEM Query:

source="trufusion.log" AND uri="/trufusionPortal/getCobrandingData*" AND (uri="*../*" OR uri="*..\\*")

Note: the original query matched uri exactly against the endpoint path and simultaneously against a wildcard containing ../, which can never both be true; the trailing wildcard on the endpoint path fixes that. The literal patterns only catch decoded traversal sequences, so URL-encoded forms (e.g. %2e%2e%2f) will be missed unless the log source stores decoded URIs.
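To turn the log indicators above into a concrete check, here is an added detection script (not from this page or from Rocket Software) that scans access-log lines for requests to the vulnerable endpoint containing traversal sequences, percent-decoding the URI first so that encoded and double-encoded variants are also caught. The combined log format and the sample lines are constructed assumptions; TRUfusion's own log format may differ.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/trufusionPortal/getCobrandingData"
# Traversal after decoding: "../", "..\" or a bare ".." path segment
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|(^|[/\\])\.\.($|[/\\]))")

# Constructed sample access-log lines (combined log format), not real TRUfusion logs
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:10:01:12 +0000] "GET /trufusionPortal/getCobrandingData?file=logo.png HTTP/1.1" 200 4321
10.0.0.9 - - [10/Mar/2025:10:02:45 +0000] "GET /trufusionPortal/getCobrandingData?file=../../../../etc/passwd HTTP/1.1" 200 1820
10.0.0.9 - - [10/Mar/2025:10:03:01 +0000] "GET /trufusionPortal/getCobrandingData?file=..%2F..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [10/Mar/2025:10:03:20 +0000] "GET /trufusionPortal/getCobrandingData?file=%252e%252e%252fconf%252fserver.xml HTTP/1.1" 200 400
10.0.0.7 - - [10/Mar/2025:10:04:00 +0000] "GET /other/app?file=../etc/passwd HTTP/1.1" 404 120
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD URI PROTO", status, size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(uri: str) -> str:
    """Percent-decode until stable so double-encoded sequences (%252e) are exposed."""
    prev = None
    while prev != uri:
        prev, uri = uri, unquote(uri)
    return uri


def find_traversal_hits(log_text: str) -> list[dict]:
    """Return requests to the vulnerable endpoint whose decoded URI contains traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        uri = normalize(m["uri"])
        if not uri.startswith(ENDPOINT):
            continue  # traversal against other paths is out of scope for this CVE
        if TRAVERSAL.search(uri):
            hits.append({"src": m["src"], "ts": m["ts"], "uri": uri, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["status"]} {hit["uri"]}')
```

A hit with status 200 is the strongest signal, since a successful response suggests the file was actually served; 4xx hits still indicate probing worth correlating by source address.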
