CVE-2025-15563

Summary

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.

Affected Software

VendorProductVersion RangeStatus
NesterSoft Inc.WorkTime (on-prem/cloud)<= 11.8.8affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References