CVE-2025-27222 is a path traversal vulnerability affecting TRUfusion Enterprise through version 7.10.4.0. The vulnerability arises from improper input sanitization in the /trufusionPortal/getCobrandingData endpoint, which is designed to retrieve files. Attackers can exploit this flaw by injecting path traversal sequences (e.g., ../) into the input parameter, allowing them to traverse the server's directory structure and read arbitrary files accessible by the TRUfusion user. Critically, this includes the potential to access cleartext passwords stored by the TRUfusion Enterprise application, leading to severe confidentiality breaches. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, increasing its risk profile. The CVSS v3.1 score of 8.6 reflects the high impact on confidentiality with no impact on integrity or availability. The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-35 (Path Traversal: 'dot dot slash'). While no public exploits are reported yet, the ease of exploitation and sensitive data exposure make this a critical concern. Organizations should monitor for patches and consider immediate compensating controls to limit exposure.

For European organizations, the impact of CVE-2025-27222 is significant due to the potential exposure of sensitive internal files and cleartext credentials. Confidentiality breaches could lead to unauthorized access to the TRUfusion Enterprise environment and potentially other connected systems if credentials are reused or privileged. This could facilitate further lateral movement, espionage, or data theft. The lack of required authentication and user interaction means attackers can exploit this vulnerability remotely and stealthily, increasing the risk of widespread compromise. Sectors such as finance, healthcare, government, and critical infrastructure that rely on TRUfusion Enterprise for operational or security functions are particularly vulnerable. The exposure of cleartext passwords could undermine trust in the affected organizations’ security posture and lead to regulatory penalties under GDPR due to inadequate protection of sensitive data.

1. Immediately restrict network access to the /trufusionPortal/getCobrandingData endpoint using firewall rules or web application firewalls (WAF) to limit exposure to trusted IPs only. 2. Implement strict input validation and sanitization on the server side to reject any path traversal sequences or unexpected characters in the input parameters. 3. Monitor logs for unusual access patterns or attempts to exploit path traversal sequences targeting this endpoint. 4. Rotate all TRUfusion Enterprise passwords and credentials stored on the server to mitigate potential credential leakage. 5. Apply vendor patches or updates as soon as they become available to address the vulnerability directly. 6. Conduct a thorough security audit of the TRUfusion Enterprise deployment to identify any other potential misconfigurations or vulnerabilities. 7. Employ network segmentation to isolate TRUfusion Enterprise servers from critical internal systems to limit lateral movement if compromise occurs. 8. Educate IT and security teams about this vulnerability and ensure incident response plans include steps for path traversal exploitation scenarios.