CVE Catalog

CVE-2025-46157

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.78%

51th percentile - higher than 51% of all known CVEs

Summary

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form.

Risk Assessment

An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.

Recommendation

Immediately update the system to the latest version or apply a security patch from the vendor, and restrict file upload capabilities to trusted users only.

Original NVD description (English source)

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form

Vulnerability data from NVD (NIST) · CISA KEV · EPSS