轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202507-00000015

[內容說明]
【達煬科技｜WinMatrix3 - Insecure Deserialization】(CVE-2025-7916，CVSS：9.8) 達煬科技開發之WinMatrix3應用程式伺服器端存在Inscure Deserialization漏洞，未經身分鑑別之遠端攻擊者可以透過發送惡意序列化內容於伺服器端執行任意程式碼。

[影響平台]
WinMatrix AP 3.8.52.5(含)以前版本

[建議措施]
更新AP至3.8.52.5(Web 1.2.39.5)並安裝hotfix，或更新AP至3.9.1(Web 1.3.1)(含)以後版本

[參考資料]
https://www.twcert.org.tw/tw/cp-132-10256-14d55-1.html

Forwarded by Taiwan Computer Network Crisis Management and Coordination Center TWCERTCC-200-202507-00000015

[Content Description]
[Simopro｜WinMatrix3 - Insecure Deserialization] (CVE-2025-7916, CVSS: 9.8) The WinMatrix3 application developed by Simopro has an Inscure Deserialization vulnerability on the server side. Unauthenticated remote attackers can execute arbitrary code on the server side by sending malicious serialized content.

[Affected Platform]
WinMatrix AP 3.8.52.5 (inclusive) and earlier versions

[Recommended Measures]
Update AP to 3.8.52.5 (Web 1.2.39.5) and install hotfix, or update AP to 3.9.1 (Web 1.3.1) (inclusive) and later versions

[References]
https://www.twcert.org.tw/tw/cp-132-10256-14d55-1.html