{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7917","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2025-07-21T01:58:24.401Z","datePublished":"2025-07-21T06:08:38.612Z","dateUpdated":"2025-07-21T15:39:46.038Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"WinMatrix3 Web package","vendor":"Simopro Technology","versions":[{"lessThanOrEqual":"1.2.39.5","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2025-07-21T06:04:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}],"value":"WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}],"impacts":[{"capecId":"CAPEC-650","descriptions":[{"lang":"en","value":"CAPEC-650 Upload a Web Shell to a Web Server"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2025-07-21T08:04:44.247Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/tw/cp-132-10258-16bbf-1.html"},{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/en/cp-139-10263-5f2e7-2.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to AP 3.8.52.5 (Web 1.2.39.5) and install the hotfix, or update to AP 3.9.1 (Web 1.3.1) or later versions<br>"}],"value":"Update to AP 3.8.52.5 (Web 1.2.39.5) and install the hotfix, or update to AP 3.9.1 (Web 1.3.1) or later versions"}],"source":{"advisory":"TVN-202507008","discovery":"EXTERNAL"},"title":"Simopro Technology｜WinMatrix3 Web package - Arbitrary File Upload","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-21T15:39:36.019993Z","id":"CVE-2025-7917","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-21T15:39:46.038Z"}}]}}