CVE-2025-2396

High CVSS: 8.8

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Vendor

Edetw

Product

U-office Force

CWE

CWE-434

Yayın Tarihi

2025-03-17 06:15:26

Güncelleme

2025-11-18 17:45:59

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-434 U-office Force HIGH Edetw 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10014-69aa5-2.html https://www.twcert.org.tw/tw/cp-132-10013-0d371-1.html

Benzer Kayıtlar

Critical

CVE-2026-3422

U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote a…

High

CVE-2025-12864

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to in…

High

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to in…

Critical

CVE-2025-2395

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attac…