← back
CVE-2025-63747

CVE-2025-63747

CVSS 9.8 CRITICALEPSS 0.4%CWE-521
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://qatraq.comhttps://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce