CVE-2025-8853

Critical

Published: 11 August 2025

Published

11 August 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0041 61.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8853 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Chtsecurity (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match

prevent

Manages connection tokens as authenticators by requiring protection, rotation, and revocation to prevent unauthorized obtainment and reuse by attackers.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations and logical access controls to block authentication bypass attempts using stolen tokens.

SC-23 Session Authenticity good match

prevent

Protects session authenticity to mitigate impersonation via reused connection tokens, preventing attackers from logging in as legitimate users.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1550.004 Web Session Cookie Lateral Movement

Adversaries can use stolen session cookies to authenticate to web applications and services.

attack.mitre.org →

Why these techniques?

Auth bypass in public-facing web app directly enables remote exploitation (T1190) and session token impersonation (T1550.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.

Deeper analysisAI

CVE-2025-8853 is an authentication bypass vulnerability in the Official Document Management System developed by 2100 Technology. It enables unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-290 (Authentication Bypass Missing Authorization). It was published on 2025-08-11.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no privileges required. Successful exploitation allows attackers to impersonate any user by stealing and reusing their connection tokens, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized access to sensitive documents and system functions.

Mitigation details and advisories are documented in the following references: https://www.chtsecurity.com/news/8618a2f0-390a-4506-9ff8-a9e74030d19e, https://www.chtsecurity.com/news/a9a90f0b-c2cb-4c66-b3d1-bc7f252fd108, https://www.twcert.org.tw/en/cp-139-10320-ad540-2.html, and https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html. Security practitioners should consult these sources for patch information and remediation guidance specific to affected deployments.