Description

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.

INFO

Published Date :

2025-12-31T21:55:44.667Z

Last Modified :

2026-01-02T14:35:24.773Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69288 vulnerability.

Vendors Products
Kromit
  • Titra
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69288.

URL Resource
https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e cve-icon cve-icon
https://github.com/kromitgmbh/titra/releases/tag/0.99.49 cve-icon cve-icon
https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact