{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T00:58:57.033","vulnerabilities":[{"cve":{"id":"CVE-2025-15563","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-02-19T11:15:56.983","lastModified":"2026-02-26T03:01:05.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here."},{"lang":"es","value":"Cualquier usuario no autenticado puede restablecer la configuración de la base de datos local de WorkTime enviando una solicitud HTTP específica al servidor de WorkTime. No se aplica ninguna comprobación de autorización aquí."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nestersoft:worktime:*:*:*:*:cloud:*:*:*","versionEndIncluding":"11.8.8","matchCriteriaId":"F8A53FE8-6F29-462D-B7EB-C3E4F25DBEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:nestersoft:worktime:*:*:*:*:on-premise:*:*:*","versionEndIncluding":"11.8.8","matchCriteriaId":"0A831FDF-1B71-48B4-BA2D-D2EFB151161A"}]}]}],"references":[{"url":"https://r.sec-consult.com/worktime","source":"551230f0-3615-47bd-b7cc-93e92e730bbf","tags":["Third Party Advisory"]}]}}]}