CVE-2025-8853

CRITICAL

Official Document Management System - Auth Bypass

Title source: llm

Description

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.

References (4)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html

[Various Sources] https://www.twcert.org.tw/en/cp-139-10320-ad540-2.html

[Various Sources] https://www.chtsecurity.com/news/8618a2f0-390a-4506-9ff8-a9e74030d19e

[Various Sources] https://www.chtsecurity.com/news/a9a90f0b-c2cb-4c66-b3d1-bc7f252fd108

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 61.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-290

Status published

Products (3)

2100 Technology/Official Document Management System 5.0.89.0

2100 Technology/Official Document Management System 5.0.89.1

2100 Technology/Official Document Management System 5.0.89.2

Published Aug 11, 2025

Tracked Since Feb 18, 2026