CVE Catalog

CVE-2025-63747

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

QaTraq 6.9.2 ships with default administrative account credentials that are enabled in standard installations. This allows immediate login via the web application login page. An attacker who can reach the login page can gain full administrative access.

Risk Assessment

The risk is that an unauthorized user can gain full control over the QaTraq system, potentially leading to data theft, configuration changes, or service disruption.

Recommendation

Immediately change the default administrative password and consider restricting access to the login page, e.g., via IP filtering or implementing multi-factor authentication.

Original NVD description (English source)

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS