CVE-2025-63747 · CRITICAL 9.8 · EPSS p32.3%

Description

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 32.3% · 2026-06-18T12:00:27Z
Published: 2025-11-17
Last modified: 2025-11-26

Underlying weaknesses · 1

CWE-521

References

  1. http://qatraq.com
  2. https://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce

Type | Target | Confidence | Tier
Weakness | Weak Password Requirements (cwe-521) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-63748
CVE: CVE-2025-67418
CVE: CVE-2025-1393
CVE: CVE-2026-23595
CVE: CVE-2025-64281
CVE: CVE-2025-4494

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.