CVE-2025-15563

CVE-2025-15563: Broken Access Control results in Denial of Service in NesterSoft WorkTime

Vendor Nestersoft Inc.

Product WorkTime (on-prem/cloud)

Weakness CWE-862 · Missing authorization

Published February 19, 2026

Last update February 20, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.

Key dates

02Disclosure timeline

February 19, 2026 CVE published

February 20, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15563 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps CVE-2025-28965 WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability CVE-2024-32725 WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability CVE-2026-25338 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability CVE-2024-52382 WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability