轉發 國家資安資訊分享與分析中心 資安訊息警訊 NISAC-200-202511-00000114

[內容說明]
研究人員發現網韻資訊New Site Server存在使用用戶端驗證(Use of Client-Side Authentication)漏洞(CVE-2025-12868)，未經身分鑑別之遠端攻擊者可修改前端程式碼取得網站管理者權限，請儘速確認並進行修補。

[影響平台]
New Site Server

[建議措施]
官方已針對漏洞釋出修復更新，請聯繫廠商進行更新

[參考資料]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-12868

Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202511-00000114

[Content Description]
Researchers have discovered a vulnerability (CVE-2025-12868) in the Use of Client-Side Authentication (USA) vulnerability in Cybertutor New Site Server. An unauthenticated remote attacker could modify the front-end code to gain website administrator privileges. Please confirm and patch this vulnerability as soon as possible.

[Affected Platform]
New Site Server

[Recommended Actions]
The official patch has been released. Please contact the vendor for the update.

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-12868