轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202508-00000005

[內容說明]
【二一零零科技｜公文管理系統 - Authentication Bypass】(CVE-2025-8853，CVSS：9.8) 二一零零科技開發之公文管理系統存在Authentication Bypass漏洞，未經身分鑑別之遠端攻擊者可繞過限制取得任意使用者連線Token，並利用取得的Token以該使用者身分登入系統。

[影響平台]
公文管理系統 5.0.89.0、5.0.89.1及5.0.89.2版本

[建議措施]
更新至5.0.90(含)以後版本

[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center (TWCERTCC-200-202508-00000005)

[Description]
[2100 Technology | Official Document Management System - Authentication Bypass] (CVE-2025-8853, CVSS: 9.8) The official document management system developed by 2100 Technology contains an authentication bypass vulnerability. An unauthenticated remote attacker can bypass restrictions and obtain the connection token of any user, then use the obtained token to log into the system as that user.

[Affected Platforms]
Official Document Management System versions 5.0.89.0, 5.0.89.1, and 5.0.89.2

[Recommended Action]
Update to version 5.0.90 or later.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html