CVE-2025-8853
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 2100_technology | official_document_management_system | 5.0.89.0 |
| 2100_technology | official_document_management_system | 5.0.89.1 |
| 2100_technology | official_document_management_system | 5.0.89.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8853 is an authentication bypass vulnerability in the Official Document Management System developed by 2100 Technology. It allows unauthenticated remote attackers to bypass the authentication mechanism by modifying request packets to obtain any user's connection token. With this token, attackers can impersonate any user and log into the system without authorization, gaining unauthorized access to user information and potentially full system access. [1, 2, 3, 4]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to sensitive information, full system compromise, and the ability for attackers to impersonate any user. It affects confidentiality, integrity, and availability of the system, potentially leading to data breaches, loss of trust, and disruption of services. [1, 2, 3, 4]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-8853, immediately update the Official Document Management System to version 5.0.90 or later. Contact the system vendor for the update if necessary. Additionally, developers should strengthen the authentication mechanism by avoiding reliance on user-controllable data as the sole authentication factor. [2, 3, 4]