CVE-2025-11948
Published: 20 October 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-11948 is an Arbitrary File Upload vulnerability (CWE-434) in the Document Management System developed by Excellent Infotek. Published on 2025-10-20, it enables unauthenticated remote attackers to upload web shell backdoors and execute them, resulting in arbitrary code execution on the affected server. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Successful exploitation allows attackers to achieve high-impact compromise, including full arbitrary code execution on the server via uploaded web shells, potentially leading to complete system control.
Advisories from TWCERT/CC and CHT Security provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10453-43e63-2.html, https://www.twcert.org.tw/tw/cp-132-10452-72cb6-1.html, and https://www.chtsecurity.com/news/3575ad9c-31f4-49de-8bc4-de85bb2eed39.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload in a public-facing web application maps to Exploit Public-Facing Application (T1190), and the uploaded file facilitates web shell deployment for remote code execution (T1505.003).
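One way to hunt in web access logs for the upload-then-execute sequence behind this T1190 / T1505.003 mapping, as an added example that is not code from the advisories or the vendor. The upload endpoint, storage directory, extension list, time window and log lines are assumptions constructed for illustration; the advisories name none of them.

```python
import re
from datetime import datetime, timedelta

# Assumptions, not taken from the advisory: adjust to the deployment under review.
UPLOAD_ENDPOINT = "/dms/upload"   # hypothetical upload handler
UPLOAD_DIR = "/dms/files/"        # hypothetical web-reachable storage directory
SCRIPT_EXTS = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".ashx")
WINDOW = timedelta(minutes=10)    # how long after an upload a script hit is linked to it

# Common/combined log format: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Oct/2025:10:01:02 +0000] "POST /dms/upload HTTP/1.1" 200 512
203.0.113.7 - - [20/Oct/2025:10:01:09 +0000] "GET /dms/files/Report.ASPX HTTP/1.1" 200 87
198.51.100.4 - - [20/Oct/2025:10:05:00 +0000] "POST /dms/upload HTTP/1.1" 200 512
198.51.100.4 - - [20/Oct/2025:10:05:30 +0000] "GET /dms/files/invoice.pdf HTTP/1.1" 200 40960
192.0.2.9 - - [20/Oct/2025:10:07:00 +0000] "POST /dms/upload HTTP/1.1" 403 0
192.0.2.9 - - [20/Oct/2025:10:07:05 +0000] "GET /dms/files/x.jsp HTTP/1.1" 404 0
"""

def find_upload_then_execute(log_text):
    """Return (ip, upload_time, script_path) for successful script requests
    under UPLOAD_DIR that follow a successful upload from the same client."""
    last_upload = {}   # client ip -> time of its most recent successful upload
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue   # unparseable line, or the request did not succeed
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0].lower()   # drop query, ignore case
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
            last_upload[m["ip"]] = ts
        elif path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXTS):
            up = last_upload.get(m["ip"])
            if up is not None and ts - up <= WINDOW:
                findings.append((m["ip"], up.isoformat(), m["path"]))
    return findings

if __name__ == "__main__":
    for hit in find_upload_then_execute(SAMPLE_LOG):
        print("possible web shell execution:", hit)
```

Correlating by source address misses an attacker who uploads and executes from different addresses, so any successful request for a script extension under an upload directory is worth reviewing on its own.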