CVE-2025-2396
Published: 17 March 2025
Summary
CVE-2025-2396 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Edetw U-Office Force. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The U-Office Force application from e-Excellence contains an arbitrary file upload vulnerability tracked as CVE-2025-2396 and CWE-434. The flaw permits unauthenticated or low-privileged remote attackers to upload executable files such as web shells directly to the server, resulting in arbitrary code execution. It carries a CVSS 3.1 base score of 8.8 with an attack vector of network, low complexity, and low privileges required.
An attacker who already possesses regular user credentials can send a crafted upload request over the network to place and execute a web shell, thereby gaining full control of the underlying server including the ability to read, modify, or delete data and potentially pivot further into the environment. No user interaction is needed on the part of the victim.
Taiwan's CERT has published advisories detailing the issue at the referenced URLs; these documents are the primary source for official mitigation steps such as applying vendor patches or configuration changes. The associated EPSS score rose from a low baseline to a peak of 0.0381, indicating that exploitation interest increased after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6455
Vulnerability details
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The arbitrary file upload vulnerability in a public-facing web application directly enables remote exploitation (T1190) to upload and execute web shell backdoors for arbitrary code execution (T1100).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2025-2396 by requiring timely remediation of the specific arbitrary file upload flaw through patching.
Prevents unrestricted upload of dangerous files like web shells by validating all information inputs at upload endpoints.
Detects and eradicates uploaded web shell backdoors as malicious code at network entry points before execution.