轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202507-00000019

[內容說明]
【鼎新數智｜互聯中台 - Privilege Escalation】(CVE-2025-7344，CVSS：8.8) 鼎新數智開發之互聯中台存在Privilege Escalation漏洞，已經取得一般權限之遠端攻擊者可利用特定API取得管理員權限。

[影響平台]
互聯中台 2.5.1 build 0161(含)以下版本

[建議措施]
更新至2.3.2 build 0115(含)以上版本並安裝修補程式KB202504001

[參考資料]
https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html

Forwarded by Taiwan Computer Network Crisis Management and Coordination Center TWCERTCC-200-202507-00000019

[Content Description]
[Data Systems Co., Ltd. (Digiwin)｜Internet Middle Platform - Privilege Escalation] (CVE-2025-7344, CVSS: 8.8) The Internet Middle Platform developed by Data Systems Co., Ltd. (Digiwin) has a Privilege Escalation vulnerability. Remote attackers who have obtained general permissions can use specific APIs to obtain administrator permissions.

[Affected Platform]
Internet Middle Platform 2.5.1 build 0161 (inclusive) and below

[Recommended Measures]
Update to 2.3.2 build 0115 (inclusive) and above and install the patch KB202504001

[References]
https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html