Sploit.io - Search

CVE-2025-2395

Severity: CRITICAL

Description: The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Affected Products:

• e-Excellence U-Office Force - Versions: 0

References:

• https://www.twcert.org.tw/tw/cp-132-10011-3de72-1.html
• https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html

CVE-2025-2396

Severity: HIGH

Description: The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Affected Products:

• e-Excellence U-Office Force - Versions: 0

References:

• https://www.twcert.org.tw/tw/cp-132-10013-0d371-1.html
• https://www.twcert.org.tw/en/cp-139-10014-69aa5-2.html