Cyber Resilience

CVE-2025-8853

Critical

Published: 11 August 2025

Published
11 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0088 75.8th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8853 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Chtsecurity (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-8853 is an authentication bypass vulnerability in the Official Document Management System developed by 2100 Technology. It enables unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-290 (Authentication Bypass Missing Authorization). It was published on 2025-08-11.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no privileges required. Successful exploitation allows attackers to impersonate any user by stealing and reusing their connection tokens, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized access to sensitive documents and system functions.

Mitigation details and advisories are documented in the following references: https://www.chtsecurity.com/news/8618a2f0-390a-4506-9ff8-a9e74030d19e, https://www.chtsecurity.com/news/a9a90f0b-c2cb-4c66-b3d1-bc7f252fd108, https://www.twcert.org.tw/en/cp-139-10320-ad540-2.html, and https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html. Security practitioners should consult these sources for patch information and remediation guidance specific to affected deployments.

EU & UK References

Vulnerability details

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1550.004 Web Session Cookie Lateral Movement
Adversaries can use stolen session cookies to authenticate to web applications and services.
Why these techniques?

Auth bypass in public-facing web app directly enables remote exploitation (T1190) and session token impersonation (T1550.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55925Shared CWE-290
CVE-2026-0834Shared CWE-290
CVE-2026-33131Shared CWE-290
CVE-2026-24372Shared CWE-290
CVE-2025-27671Shared CWE-290
CVE-2026-24853Shared CWE-290
CVE-2026-30975Shared CWE-290
CVE-2026-31889Shared CWE-290
CVE-2026-40575Shared CWE-290
CVE-2025-11250Shared CWE-290

Affected Assets

Chtsecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Manages connection tokens as authenticators by requiring protection, rotation, and revocation to prevent unauthorized obtainment and reuse by attackers.

prevent

Enforces approved authorizations and logical access controls to block authentication bypass attempts using stolen tokens.

prevent

Protects session authenticity to mitigate impersonation via reused connection tokens, preventing attackers from logging in as legitimate users.

References