Advisory

Vulnerability reporting

2025-08-30

SUNNET Corporate Training Management System - Missing Authentication for Critical Function

ZUSOART ID ZA-2025-10
CVE ID CVE-2025-54942
Vulnerability Type CWE-306: Missing Authentication for Critical Function
CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N(9.3)
Description A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
Vendor SUNNET Technology Co., Ltd.
Product
Category Version affected
Corporate Training Management System Before 10.11
Product Support Contact SUNNET Technology for version updates.
Release date 2025/08/30
Credit Cheng Ming Yang (TW1943) of ZUSO ART
<< Back index
top