CVE-2025-55077
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
Summary
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tyler Technologies | ERP Pro 9 SaaS | 0 < 2025-08-01 | affected |
| Tyler Technologies | ERP Pro 9 SaaS | 2025-08-01 | unaffected |
Weaknesses
- CWE-250: CWE-250 Execution with Unnecessary Privileges
- CWE-668: CWE-668 Exposure of Resource to Wrong Sphere
- CWE-863: CWE-863 Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json
- https://www.cve.org/CVERecord?id=CVE-2025-55077
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.