CVE 9.1 CRITICAL

CVE-2025-60291_CVE-2025-60291

October 27, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations.

AI Analysis

Permission control flaw allowing unauthorized access and modification of database connection configurations

Basic Information

ID CVE-2025-60291

Source mitre

Published Oct 27, 2025 at 00:00

Modified Oct 27, 2025 at 15:57

Affected Product

Vendor eSSL Security

Product eTimeTrackLite

Version 12.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor eSSL Security

Product eTimeTrackLite Web

Version 12.0

References

{
    "lastseen": "",
    "description": "An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations.",
    "published": "2025-10-27T00:00:00.000Z",
    "modified": "2025-10-27T15:57:06.701Z",
    "type": "cve",
    "title": "CVE-2025-60291",
    "source": "mitre",
    "references": "https://www.esslsecurity.com/\nhttps://github.com/M00nBack/CVE_Request/blob/main/eSSL%20Security/eTimeTrackLite.md",
    "id": "CVE-2025-60291",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "eTimeTrackLite",
    "version": "12.0",
    "vendor": "eSSL Security",
    "ai_description": "Permission control flaw allowing unauthorized access and modification of database connection configurations",
    "ai_severity": "Critical",
    "ai_vendor": "eSSL Security",
    "ai_product": "eTimeTrackLite Web",
    "ai_version": "12.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply