CVE-2025-69288

9.1 CRITICAL

📋 TL;DR

This vulnerability allows any authenticated admin user in Titra time tracking software to execute arbitrary code on the server by manipulating timeEntryRule data that gets passed to NodeVM without proper sanitization. This affects all Titra installations prior to version 0.99.49 where admin users have access to modify time entry rules.

💻 Affected Systems

Products:
  • Titra
Versions: All versions prior to 0.99.49
Operating Systems: All platforms running Titra
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin access to exploit. Any Titra installation with admin users is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attacker to execute arbitrary commands, access sensitive data, install malware, or pivot to other systems in the network.

🟠 Likely Case

Privileged admin user (malicious or compromised) gains remote code execution on the Titra server, potentially accessing all time tracking data and system resources.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege access, and monitoring are in place to contain potential exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials, but the vulnerability itself is straightforward: modifying timeEntryRule data to inject malicious code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.99.49

Vendor Advisory: https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr

Restart Required: Yes

Instructions:

1. Back up your Titra database and configuration.
2. Stop the Titra service.
3. Update to version 0.99.49 using your package manager or by downloading from GitHub releases.
4. Restart the Titra service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Admin Access

all

Temporarily limit or disable admin user accounts until patching can be completed.

Network Segmentation

all

Isolate Titra server from critical systems and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and monitor all admin user activities
  • Deploy application-level firewall or WAF with RCE protection rules

🔍 How to Verify

Check if Vulnerable:

Check Titra version - if it's below 0.99.49, the system is vulnerable.

Check Version:

Check the "version" field in package.json or the About page of the Titra web interface.

Verify Fix Applied:

After updating, verify version is 0.99.49 or higher and test that timeEntryRule modifications no longer execute arbitrary code.
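The version check above, as an added example that is not the advisory's or the Titra project's own code: it reads the "version" field from a package.json manifest and compares it numerically against the fixed release 0.99.49, because a plain string comparison would misrank versions such as 0.99.100. The manifest layout (a top-level "version" field) is the standard npm one; the sample manifest below is constructed.

```javascript
// Added example: is an installed Titra older than the CVE-2025-69288 fix?
const FIXED_VERSION = '0.99.49';

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v") into numbers.
// The prerelease tag is kept so that 0.99.49-beta.1 ranks below 0.99.49.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Numeric compare: returns -1, 0 or 1. A string compare would put
// "0.99.100" before "0.99.49" because '1' < '4'.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.parts[i] !== pb.parts[i]) return pa.parts[i] < pb.parts[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;  // a release outranks its own prereleases
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Anything strictly below 0.99.49 is in the affected range.
function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Takes the raw text of package.json (e.g. from `cat package.json`) and
// reports the installed version plus whether it is in the affected range.
function checkPackageJson(jsonText) {
  const pkg = JSON.parse(jsonText);
  if (typeof pkg.version !== 'string') throw new Error('package.json has no version field');
  return { version: pkg.version, vulnerable: isVulnerable(pkg.version) };
}

// Constructed sample manifest standing in for a real Titra checkout.
const SAMPLE_PACKAGE_JSON = '{"name":"titra","version":"0.99.48"}';
const result = checkPackageJson(SAMPLE_PACKAGE_JSON);
console.log(`Titra ${result.version}: ${result.vulnerable
  ? 'VULNERABLE to CVE-2025-69288, update to 0.99.49 or later'
  : 'not in the affected version range'}`);
```

To run it against a real install, replace SAMPLE_PACKAGE_JSON with the contents of the deployment's package.json.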

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin user activity
  • Suspicious timeEntryRule modifications
  • NodeVM execution errors

Network Indicators:

  • Unexpected outbound connections from Titra server
  • Suspicious process execution patterns

SIEM Query:

source="titra" AND (event="timeEntryRule_modified" OR event="admin_activity")
