CRITICAL🇵🇱 Wersja polska

CVE-2025-63747

CVSS 9.8v3.1pub. 2025-11-17upd. 2026-07-05

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can gain administrative access.

🤖 AI Analysis
How it works

QaTraq version 6.9.2 has built-in, default-enabled administrator account credentials (CWE-521: Weak Password Requirements). This account is active immediately after installation and accessible through the standard web application login page. An attacker who can reach this page — for example via the Internet or internal network — can log in using known default credentials and immediately take control of the application with administrator privileges.

Impact

An attacker gains full administrative access to the QaTraq application, which enables them to read, modify and delete test data as well as manage system configuration. According to related references, the vulnerability can be combined with other flaws (e.g. file upload leading to RCE), which may result in complete server takeover.

Mitigation & patch

The default administrator account must be changed or disabled immediately after installation. It is recommended to check for available updates from the vendor (http://qatraq.com) and review references regarding the patched version. Until a patch is applied, access to the application login page should be restricted to trusted IP addresses only using a firewall or network-level access control mechanisms.

Who is affected

QaTraq version 6.9.2 in default installation configuration

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Testmanagement Qatraq

    APP
    Testmanagement
    6.9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-63748HIGH8.8ten sam produkt

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Tes...