CVE-2025-27631
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-27631 is a new vulnerability affecting the TRMTracker web application. It allows an attacker to carry out LDAP injection attacks, injecting code into a query and ultimately executing remote commands. The vulnerability can lead to unauthorized reading and updating of data on the website. These attacks can be launched without authentication or elevated privileges, making it a critical threat for organizations using the TRMTracker application. Attackers can exploit this vulnerability by sending specially crafted LDAP messages to the application's LDAP server, bypassing input validation and access controls. Organizations using TRMTracker should promptly apply the available patches or implement mitigations to protect against this vulnerability.
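As a mitigation for the injection into a query described above, every user-supplied value can be validated and then escaped per RFC 4515 before it is placed in an LDAP search filter. The following is an added example, not TRMTracker code and not part of the original advisory; the filter shape, the attribute names and the username policy are assumptions.

```python
import re

# Octets RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_SPECIALS = {0x00, ord("("), ord(")"), ord("*"), ord("\\")}

# Assumed allow-list policy for account names (hypothetical, adjust per site).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed sample input containing filter metacharacters.
CONSTRUCTED_INPUT = "*)(cn=*"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    out = []
    for byte in value.encode("utf-8"):
        # Escape the special octets and, conservatively, all non-ASCII octets.
        if byte in _FILTER_SPECIALS or byte >= 0x80:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def concatenated_filter(username: str) -> str:
    """Flawed pattern: raw input changes the structure of the filter."""
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_filter(username: str) -> str:
    """Hardened pattern: input can only ever be a literal value of uid."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def is_valid_username(username: str) -> bool:
    """First line of defence: reject anything outside the allow-list."""
    return _USERNAME_RE.fullmatch(username) is not None


def lookup_filter(username: str) -> str:
    """Validate, then escape anyway so a policy change cannot reopen the bug."""
    if not is_valid_username(username):
        raise ValueError("username rejected by allow-list")
    return safe_filter(username)


if __name__ == "__main__":
    print("concatenated:", concatenated_filter(CONSTRUCTED_INPUT))
    print("escaped:     ", safe_filter(CONSTRUCTED_INPUT))
```

Escaping belongs at the point where the filter string is built, with the allow-list as a second, independent check.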