External risk intelligence

QaTraq 6.9.2 Default Administrative Credentials Vulnerability.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-63747

The vulnerability exists in a web application login page. Such applications are commonly deployed as network-reachable interfaces, making the administrative login page a likely target for remote access if the application is exposed to the network, which is a common deployment pattern for test management tools.

Testmanagement Qatraq

6.9.2

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in a test management application where default administrative credentials are pre-configured in the software. This allows unauthorized users with access to the login page to gain immediate administrative control over the system.

  • Weak default passwords grant full system access.
  • Confirm if this system is used and exposed externally.
  • Assess potential impact if administrative access is compromised.

Attack Path

How an attacker could exploit the issue

An attacker could gain administrative control over QaTraq by leveraging default, hardcoded credentials. If the web application's login page is accessible, an attacker can use these credentials to log in immediately and assume administrative privileges. This could lead to unauthorized access and modification of sensitive test management data.

  • Requires network access to the login page.
  • Uses default administrative credentials.
  • Grants full administrative control.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, an unauthenticated attacker who can reach the QaTraq login page could gain administrative access to the system by leveraging default administrative credentials. This access could allow them to view, modify, or delete system data and alter service behavior.

  • Administrative system access.
  • Immediate login via web page.
  • Unrestricted system control.

Operational Fix

Recommended remediation, mitigation, and detection steps

Real-world action for this vulnerability likely falls to the application owners and infrastructure teams responsible for the QaTraq test management system. The immediate first step is to identify all instances of QaTraq 6.9.2 within the environment, confirm their network exposure and business criticality, and then assign ownership for remediation. Planning for updates or configuration changes should be based on the determined risk level.

  • Identify QaTraq instances and ownership.
  • Verify network exposure and business impact.
  • Plan risk-based remediation actions.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is QaTraq?

QaTraq is a test management software used by development and QA teams to organize, track, and manage software testing lifecycles. It provides a centralized web interface for teams to coordinate test cases and report results. The version 6.9.2 is specifically affected by a configuration issue regarding how it manages initial user access.

What does CWE-521 mean for CVE-2025-63747?

CWE-521 refers to the use of weak or hardcoded credentials. In the context of this CVE, it means the software is distributed with pre-configured administrative account passwords enabled by default. This weakness allows anyone who knows or guesses these standard credentials to bypass authentication and gain full control over the application immediately upon installation.

How does an attacker trigger this vulnerability?

An attacker triggers this by navigating to the web-based login page of a QaTraq 6.9.2 instance and successfully authenticating using the known default administrative credentials. Note that this requires network reachability to that login screen; the vulnerability cannot be triggered if the application interface is entirely unreachable from the attacker's network segment.

Is my QaTraq installation at risk?

If your instance is reachable over the network, Halo Surface Signal flags it as a likely target because administrative login pages are common entry points. You should evaluate if your deployment is exposed to the public internet or accessible to untrusted internal networks, as these environments significantly increase the likelihood that an unauthorized user could reach the login page and attempt to use the default credentials.

What are the first steps to secure my environment?

Begin by auditing your network to locate every instance of QaTraq 6.9.2 currently running. Once identified, determine which instances are accessible via the network and assess the sensitivity of the data they hold. Immediately restrict access to these login pages if possible, then coordinate with your technical team to update the system or apply configuration changes that remove or secure these default administrative accounts.

References