CVE-2025-2396
Published: 17 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-2396 is an Arbitrary File Upload vulnerability in U-Office Force from e-Excellence, published on 2025-03-17T06:15:26.113. Associated with CWE-434 (Unrestricted Upload of File with Dangerous Type), it carries a CVSS v3.1 base score of 8.8 (High: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw enables remote attackers with regular privileges to upload and execute web shell backdoors, resulting in arbitrary code execution on the server.
A remote attacker with low privileges (PR:L) can exploit the vulnerability over the network (AV:N) with low attack complexity (AC:L) and without user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary code execution, potentially leading to full server compromise. The security scope is unchanged (S:U).
Advisories from TWCERT/CC provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10014-69aa5-2.html and https://www.twcert.org.tw/tw/cp-132-10013-0d371-1.html.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The arbitrary file upload vulnerability in a public-facing web application can be exploited remotely (T1190) to upload and execute web shell backdoors (T1100), resulting in arbitrary code execution.