WorkTime On-prem Database Configuration Reset via Unauthenticated HTTP Request

CVE-2025-15563
Summary

An attacker can reset the WorkTime database configuration without authenticating, which could disrupt business operations and compromise sensitive data. This vulnerability affects the WorkTime on-prem server. To protect your server, update to the latest version of WorkTime or apply the recommended security patches.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
nestersoft | worktime | <= 11.8.8 |
Original title
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.
Original description
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-862 Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026