CVE-2025-27222: n/a
CVE-2025-27222 is a path traversal vulnerability in TRUfusion Enterprise versions up to and including 7.10.4.0, in the /trufusionPortal/getCobrandingData endpoint. The application does not properly sanitize the file name it receives, so an attacker can craft a request that reads arbitrary files readable by the account TRUfusion runs as. That includes files in which the application stores cleartext passwords, so a single request can yield working credentials. Exploitation requires neither authentication nor user interaction, which makes remote compromise straightforward. No in-the-wild exploitation has been reported, but the flaw is a significant risk to confidentiality and, through the leaked credentials, to integrity. European organizations running TRUfusion Enterprise are exposed, especially where the product supports core business operations. Mitigation requires a fixed version from the vendor; until then, validate the file-name input in front of the application and confine the service account's file access to what the portal actually needs.
AI Analysis
Technical Summary
CVE-2025-27222 identifies a path traversal vulnerability in TRUfusion Enterprise versions through 7.10.4.0. The vulnerability exists in the /trufusionPortal/getCobrandingData endpoint, which retrieves files for co-branding purposes. The application does not properly sanitize the user-supplied file reference passed to this endpoint, so an attacker can include traversal sequences (e.g., ../) in the request and have the server open a file outside the intended branding directory. This lets an attacker read any file on the server that the TRUfusion service account can read; the reach of the flaw is bounded only by that account's file-system permissions. Critically, this includes files in which TRUfusion Enterprise stores its own cleartext passwords, so the leaked material can be used directly for further compromise rather than requiring offline cracking. The endpoint requires no authentication and no user interaction, so the flaw is exploitable by an unauthenticated remote attacker wherever the portal is reachable. No public exploit has been reported yet, but the risk is substantial given the sensitivity of the data and the ease of exploitation. No CVSS score has been assigned at the time of writing, which is common for a newly published record; the technical details nonetheless describe a significant gap that must be addressed promptly. The vulnerability primarily impacts confidentiality, but also integrity if attackers use leaked credentials to escalate privileges or manipulate data. The scope is limited to systems running vulnerable versions of TRUfusion Enterprise, but given the enterprise nature of the software, affected systems may hold critical business data and credentials.
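The file-retrieval pattern the analysis describes, shown as an added example beside a hardened version. This is illustrative code written for this page, not TRUfusion Enterprise's own implementation; the branding directory layout, the name of the secret file and the way the file name reaches the handler are assumptions.

```python
"""Added example: the vulnerable file-retrieval pattern described above beside a
hardened version. Illustrative code, not TRUfusion Enterprise's implementation;
the asset directory layout and the secret file name are assumptions."""
import os
import tempfile
import urllib.parse
from pathlib import Path


def vulnerable_read(asset_dir: str, name: str) -> bytes:
    """Vulnerable pattern: the untrusted name is joined onto the asset directory
    with no containment check, so '../' walks out of it and an absolute name
    replaces the base entirely (os.path.join discards the base in that case)."""
    with open(os.path.join(asset_dir, name), "rb") as fh:
        return fh.read()


def safe_read(asset_dir: str, name: str) -> bytes:
    """Hardened version: decode exactly once, reject anything that is not a plain
    file name, then verify the *resolved* path is still a direct child of the
    asset directory. The final check is what defeats symlinks and encoding
    tricks that a string filter alone would miss."""
    decoded = urllib.parse.unquote(name)
    if urllib.parse.unquote(decoded) != decoded:
        raise ValueError("double-encoded input rejected")
    if any(tok in decoded for tok in ("/", "\\", "\0", "..")):
        raise ValueError("path separators and traversal sequences rejected")
    base = Path(asset_dir).resolve()
    target = (base / decoded).resolve()
    if target.parent != base or not target.is_file():
        raise ValueError("resolved path is outside the asset directory")
    return target.read_bytes()


def demo() -> dict:
    """Build a throwaway layout (constructed sample data) and compare the two readers."""
    root = Path(tempfile.mkdtemp())
    assets = root / "cobranding"                 # assumed branding asset directory
    assets.mkdir()
    (assets / "logo.png").write_bytes(b"PNG-DATA")
    (root / "conf").mkdir()
    secret = root / "conf" / "db.properties"     # stands in for a cleartext credential file
    secret.write_text("db.password=S3cret!\n")

    results = {
        "vulnerable_leaks": vulnerable_read(str(assets), "../conf/db.properties"),
        "vulnerable_absolute": vulnerable_read(str(assets), str(secret)),
        "safe_legit": safe_read(str(assets), "logo.png"),
    }
    probes = [
        "../conf/db.properties",                    # plain traversal
        "..%2fconf%2fdb.properties",                # URL-encoded slash
        "%252e%252e%252fconf%252fdb.properties",    # double-encoded
        "..\\conf\\db.properties",                  # backslash variant
        str(secret),                                # absolute path
    ]
    for probe in probes:
        try:
            safe_read(str(assets), probe)
            results[probe] = "ALLOWED"
        except (ValueError, FileNotFoundError):
            results[probe] = "BLOCKED"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value!r}")
```

The two-step check in safe_read matters: the string filter stops the obvious sequences cheaply, but only the comparison of the resolved path against the resolved base catches a symlink planted inside the asset directory or an encoding the filter did not anticipate.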
Potential Impact
For European organizations, this vulnerability poses a serious risk to the confidentiality of sensitive enterprise data and credentials. Exposure of cleartext passwords could lead to unauthorized access to TRUfusion Enterprise systems and potentially lateral movement within corporate networks. This could result in data breaches, operational disruptions, and loss of trust. Organizations in sectors such as finance, manufacturing, and government that rely on TRUfusion Enterprise for critical operations could face significant operational and reputational damage. The ease of exploitation without authentication increases the likelihood of attacks, especially from opportunistic threat actors. Additionally, if attackers gain access to administrative credentials, they could manipulate or disrupt enterprise processes, impacting data integrity and availability. The lack of known exploits currently provides a window for proactive mitigation, but the risk remains high given the vulnerability’s nature.
Mitigation Recommendations
Organizations should immediately audit their TRUfusion Enterprise deployments to identify affected versions up to and including 7.10.4.0. The input validation fix itself belongs to the vendor; until a patched release is available, enforce validation in front of the application by placing the /trufusionPortal/getCobrandingData endpoint behind a web application firewall or reverse proxy that blocks traversal attempts. Rules keyed on a literal ../ miss URL-encoded, double-encoded and backslash variants, so decode the request before matching and reject any value that contains a path separator or an absolute path. Because the endpoint is unauthenticated, restrict network reachability of /trufusionPortal to the clients that genuinely need it. Restrict file system permissions for the TRUfusion service account to the minimum necessary, so that even a successful traversal cannot reach credential stores, and review where the application keeps cleartext passwords. Monitor web server logs for requests to this endpoint whose parameters contain traversal sequences in any encoding; a 200 response to such a request indicates that a file was likely returned. Treat any credential stored by TRUfusion Enterprise as exposed if the logs show such access, and rotate stored passwords in any case to limit the value of a leak. Engage with the vendor for timely patch releases and apply updates as soon as they become available. Additionally, segment TRUfusion Enterprise servers from the broader enterprise network to limit lateral movement if compromise occurs.
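The log review recommended above, as an added example that is not TRUfusion or vendor tooling. The log lines are constructed samples in Apache combined format; the file query parameter name is an assumption, and the detector deliberately does not depend on it, because the real parameter name is not stated on this page.

```python
"""Added example: review access logs for traversal attempts against the affected
endpoint. Not TRUfusion or vendor tooling. The log lines are constructed
samples; the 'file' parameter name is an assumption the detector does not rely on."""
import re
import urllib.parse
from collections import Counter

ENDPOINT = "/trufusionPortal/getCobrandingData"

# Constructed sample log (Apache combined format), not real TRUfusion traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Oct/2025:16:37:45 +0000] "GET /trufusionPortal/getCobrandingData?file=logo.png HTTP/1.1" 200 8412 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Oct/2025:16:37:46 +0000] "GET /trufusionPortal/getCobrandingData?file=../../conf/db.properties HTTP/1.1" 200 1311 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Oct/2025:16:38:01 +0000] "GET /trufusionPortal/getCobrandingData?file=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 2019 "-" "curl/8.4.0"
198.51.100.7 - - [27/Oct/2025:16:38:02 +0000] "GET /trufusionPortal/getCobrandingData?file=%252e%252e%252fconf%252fapp.properties HTTP/1.1" 500 0 "-" "curl/8.4.0"
192.0.2.9 - - [27/Oct/2025:16:39:10 +0000] "GET /trufusionPortal/index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [27/Oct/2025:16:39:11 +0000] "GET /trufusionPortal/getCobrandingData?file=..\\..\\conf\\web.xml HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize(text: str) -> str:
    """Percent-decode until stable (bounded, so nested encodings cannot loop
    forever) and fold backslashes to slashes, so encoded and Windows-style
    probes look the same as a plain '../'."""
    out = text
    for _ in range(4):
        dec = urllib.parse.unquote(out)
        if dec == out:
            break
        out = dec
    return out.replace("\\", "/")


def is_traversal(query: str) -> bool:
    """True if any query value climbs with '../' or supplies an absolute path.
    Checking every value, not a named parameter, keeps this independent of the
    (unknown) real parameter name."""
    for _, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
        if "../" in value or value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
            return True
    return False


def find_traversal_attempts(log_text: str) -> list[dict]:
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if normalize(path) != ENDPOINT:
            continue
        norm_query = normalize(query)
        if not is_traversal(norm_query):
            continue
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "raw_target": m["target"],
            "decoded_query": norm_query,
            "status": int(m["status"]),
            # A 200 means the server returned a body: treat as a likely successful read.
            "verdict": "likely-read" if m["status"] == "200" else "probe",
        })
    return hits


def attempts_by_source(hits: list[dict]) -> dict:
    """Count flagged requests per source address for triage."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for h in find_traversal_attempts(SAMPLE_LOG):
        print(h["ts"], h["ip"], h["verdict"], h["decoded_query"])
```

Run against the real access log of the host fronting /trufusionPortal; every "likely-read" hit is a file the server probably returned, and the decoded query tells you which one, which is what decides whether stored credentials must be rotated.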
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-02-20T00:00:00.000Z
- CVSS Version: null (no score assigned)
- State: PUBLISHED
Threat ID: 68ff9fd9ba6dffc5e20240e8
Added to database: 10/27/2025, 4:37:45 PM
Last enriched: 10/27/2025, 4:53:22 PM
Last updated: 10/27/2025, 5:45:57 PM
Related Threats
- CVE-2025-54965: n/a (severity: Unknown)
- CVE-2025-61795: CWE-404 Improper Resource Shutdown or Release in Apache Software Foundation Apache Tomcat (severity: Unknown)
- CVE-2025-61385: n/a (severity: Unknown)
- CVE-2025-55754: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences in Apache Software Foundation Apache Tomcat (severity: Unknown)
- CVE-2025-55752: CWE-23 Relative Path Traversal in Apache Software Foundation Apache Tomcat (severity: Unknown)