CVE Catalog
CVE-2025-46157
CriticalCVSS 9.9Exploitation Probability (EPSS)
Elevated risk0.78%
51th percentile - higher than 51% of all known CVEs
Summary
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form.
Risk Assessment
An attacker can take over the server, steal data, or install malware, compromising the confidentiality, integrity, and availability of the system.
Recommendation
Immediately update the system to the latest version or apply a security patch from the vendor, and restrict file upload capabilities to trusted users only.
Original NVD description (English source)
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form

