CVE-2025-55077

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-55077 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:tylertech:erp_pro_9:2025-08-01:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

23 Sep 2025, 18:29

Type Values Removed Values Added
References () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json - () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json - Third Party Advisory
References () https://www.cve.org/CVERecord?id=CVE-2025-55077 - () https://www.cve.org/CVERecord?id=CVE-2025-55077 - Third Party Advisory
Summary
  • (es) Tyler Technologies ERP Pro 9 SaaS permite a un usuario autenticado escapar de la aplicación y ejecutar comandos limitados del sistema operativo dentro del entorno remoto de Microsoft Windows con sus privilegios. Tyler Technologies implementó configuraciones reforzadas del entorno remoto de Windows en todos los entornos de clientes de ERP Pro 9 SaaS a partir del 1 de agosto de 2025.
CPE cpe:2.3:a:tylertech:erp_pro_9:2025-08-01:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Microsoft
Microsoft windows
Tylertech
Tylertech erp Pro 9

07 Aug 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-07 19:15

Updated : 2025-09-23 18:29

NVD link : CVE-2025-55077

Mitre link : CVE-2025-55077

CVE.ORG link : CVE-2025-55077

JSON object : View

Products Affected

tylertech

  • erp_pro_9

microsoft

  • windows
CWE
CWE-250

Execution with Unnecessary Privileges

CWE-668

Exposure of Resource to Wrong Sphere

CWE-863

Incorrect Authorization

NVD-CWE-noinfo