CVE-2025-63747
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
QaTraq 6.9.2 ships with default administrative account credentials that are enabled in standard installations. This allows immediate login via the web application login page. An attacker who can reach the login page can gain full administrative access.
Risk Assessment
The risk is that an unauthorized user can gain full control over the QaTraq system, potentially leading to data theft, configuration changes, or service disruption.
Recommendation
Immediately change the default administrative password and consider restricting access to the login page, e.g., via IP filtering or implementing multi-factor authentication.
Original NVD description (English source)
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.

