CVE-2025-15563

Medium CVSS: 5.3

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.

Vendor

Nestersoft

Product

Worktime

CWE

CWE-862

Yayın Tarihi

2026-02-19 11:15:56

Güncelleme

2026-02-26 03:01:05

Source Identifier

551230f0-3615-47bd-b7cc-93e92e730bbf

KEV Date Added

Kategoriler

CWE-862 Worktime MEDIUM Nestersoft 2026

Referanslar

https://r.sec-consult.com/worktime

Benzer Kayıtlar

High

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpo…

High

CVE-2025-15561

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system…

Medium

CVE-2025-15562

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper enco…

Critical

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server…