CVE-2025-7620
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| diwei_system_integration | document_production_cross_browser_component | 1.6.8 |
| digitware_system_integration_corporation | document_creation_component | 1.6.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-494 | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step is to contact the vendor for an update to a fixed version of the Digitware System Integration Corporation document creation component. Applying the vendor's patch or update will mitigate the vulnerability. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is a Remote Code Execution (RCE) flaw in the cross-browser document creation component developed by Digitware System Integration Corporation, affecting versions 1.6.8 and earlier. If a user with the vulnerable component active visits a malicious website, remote attackers can exploit this flaw to download and execute arbitrary programs on the user's system without proper consent. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to remote attackers executing arbitrary code on your system, potentially compromising confidentiality, integrity, and availability of your data and system. This means attackers could install malware, steal sensitive information, or disrupt system operations if you visit a malicious website while the vulnerable component is active. [1, 2]