CVE 5.3 MEDIUM

Tyler Technologies ERP Pro 9 SaaS application escape_CVE-2025-55077

August 7, 2025 invoker category_cve

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Description

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.

AI Analysis

An authenticated user can escape the ERP Pro 9 SaaS application and execute limited OS commands on a remote Windows environment. However, Tyler Technologies has implemented hardened settings to mitigate this issue.

Basic Information

ID CVE-2025-55077

Source cisa-cg

Published Aug 7, 2025 at 18:37

Affected Product

Vendor Tyler Technologies

Product ERP Pro 9 SaaS

Affected Versions Tyler Technologies ERP Pro 9 SaaS 0

CWE Classification

CWE-250 CWE-668 CWE-863

AI Assessment

AI Severity Medium

Vendor Tyler Technologies

Product ERP Pro 9 SaaS

Version Version information not provided.

References

{
    "lastseen": "",
    "description": "Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.",
    "published": "2025-08-07T18:37:33.309Z",
    "modified": "2025-08-07T18:37:33.309Z",
    "type": "cve",
    "title": "Tyler Technologies ERP Pro 9 SaaS application escape",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-55077",
    "id": "CVE-2025-55077",
    "bulletinFamily": "",
    "cwe": [
        "CWE-250",
        "CWE-668",
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Tyler Technologies ERP Pro 9 SaaS 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ERP Pro 9 SaaS",
    "version": "0",
    "vendor": "Tyler Technologies",
    "ai_description": "An authenticated user can escape the ERP Pro 9 SaaS application and execute limited OS commands on a remote Windows environment. However, Tyler Technologies has implemented hardened settings to mitigate this issue.",
    "ai_severity": "Medium",
    "ai_vendor": "Tyler Technologies",
    "ai_product": "ERP Pro 9 SaaS",
    "ai_version": "Version information not provided.",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply