CVE-2025-2395

Published: Mar 17, 2025Modified: Nov 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Affected (1)

Products: Edetw: U Office Force

Edetw

1 product

U Office Force

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Edetw U Office Force	Before 28.0

Related CWEs

CWE-565

Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

References (2)

https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-10011-3de72-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.