CVE-2025-63747 | QaTraq 6.9.2 ships with administrative account credentials w… | CVSS 9.8 CRITICAL

Description

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.

Metadata

CVE ID: CVE-2025-63747
State: PUBLISHED
Assigner: mitre
Reserved: 2025-10-27 00:00 UTC
Published: 2025-11-17 00:00 UTC
Last updated: 2025-11-17 19:42 UTC
Primary CWE: CWE-521
CWE-521 Weak Password Requirements
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-521	adp	CWE-521 Weak Password Requirements

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)