CVE-2025-2395
Published: 17 March 2025
Description
Adversaries can use stolen session cookies to authenticate to web applications and services.
Security Summary
CVE-2025-2395 is an Improper Authentication vulnerability (CWE-565) affecting U-Office Force from e-Excellence. Published on 2025-03-17, it enables unauthenticated remote attackers to exploit a particular API endpoint and alter cookies to gain administrator login access. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers with network access can exploit this vulnerability without privileges, low attack complexity, or user interaction. Exploitation allows attackers to impersonate administrators by manipulating cookies via the API, potentially enabling full control over the affected system.
Mitigation details are outlined in advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html and https://www.twcert.org.tw/tw/cp-132-10011-3de72-1.html.
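To illustrate the cookie-reliance weakness described above, the following is an added Python example, not U-Office Force code (the product's implementation is not shown on this page): a handler that trusts a client-set `role` cookie beside one that honours only an HMAC-signed opaque session id resolved from a server-side store. The function names, the session store and the secret are constructed for the demo.

```python
import hmac
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory session store: opaque token -> attributes set by the server.
SESSIONS: dict[str, dict] = {}
# Constructed demo secret; a real deployment loads this from protected configuration.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def parse_cookies(header: str) -> dict[str, str]:
    """Parse a raw Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_is_admin(cookie_header: str) -> bool:
    """Anti-pattern (CWE-565 style): the role is read straight from a client-controlled cookie."""
    cookies = parse_cookies(cookie_header)
    return cookies.get("role") == "admin"


def sign(token: str) -> str:
    """HMAC tag over the session id so an edited or forged id is rejected before any lookup."""
    return hmac.new(SERVER_SECRET, token.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str, role: str) -> str:
    """Server creates an opaque session id; the role lives only in the server-side store."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "role": role}
    return f"sid={token}.{sign(token)}"


def hardened_is_admin(cookie_header: str) -> bool:
    """Verify the cookie's HMAC in constant time, then read the role from the server store."""
    cookies = parse_cookies(cookie_header)
    sid = cookies.get("sid", "")
    token, _, tag = sid.rpartition(".")
    if not token or not hmac.compare_digest(tag, sign(token)):
        return False  # tampered, forged or malformed session cookie
    session = SESSIONS.get(token)
    return session is not None and session["role"] == "admin"
```

The hardened check never consults a client-supplied role; a cookie edited to claim administrator privileges fails the HMAC comparison, and a valid id still yields only the role the server recorded.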
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote exploitation of a public-facing application API to manipulate cookies for administrator impersonation, mapping directly to T1190 (Exploit Public-Facing Application) and facilitating T1550.004 (Use Alternate Authentication Material: Web Session Cookie).