CVE advisoryCRITICAL
CVE-2025-46157
EfroTech Time Trax Remote Code Execution via File Upload
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical vulnerability in EfroTech Time Trax's file attachment function allows remote attackers to execute arbitrary code. This could impact the confidentiality, integrity, and availability of systems that manage employee leave requests, particularly when the function is accessible.