← Zuruck zu CVEs
CVE-2025-8853
CRITICAL9.8
Beschreibung
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/11/2025
Zuletzt geandert8/11/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-290
Referenzen
https://www.chtsecurity.com/news/8618a2f0-390a-4506-9ff8-a9e74030d19e(twcert@cert.org.tw)
https://www.chtsecurity.com/news/a9a90f0b-c2cb-4c66-b3d1-bc7f252fd108(twcert@cert.org.tw)
https://www.twcert.org.tw/en/cp-139-10320-ad540-2.html(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html(twcert@cert.org.tw)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.