CVE-2025-55077

HIGH

Tyler Technologies ERP Pro 9 SaaS - Command Injection

Title source: llm

Description

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.

References (2)

[Third Party Advisory] https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-219-01.json

[Third Party Advisory] https://www.cve.org/CVERecord?id=CVE-2025-55077

Scores

CVSS v3 7.4

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863 CWE-250 CWE-668

Status published

Products (1)

tylertech/erp_pro_9 2025-08-01

Published Aug 07, 2025

Tracked Since Feb 18, 2026