ByteOS Network

NVD Vulnerability Details :

CVE-2025-12867

Awaiting Analysis

Source-twcert@cert.org.tw

Published At-10 Nov, 2025 | 04:15

Updated At-12 Nov, 2025 | 17:15

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.6	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-434	Secondary	twcert@cert.org.tw

CWE ID: CWE-434

Type: Secondary

Source: twcert@cert.org.tw

References

Hyperlink	Source	Resource
https://www.twcert.org.tw/en/cp-139-10491-004b0-2.html	twcert@cert.org.tw	N/A
https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html	twcert@cert.org.tw	N/A
https://www.chtsecurity.com/news/20848f61-9db5-44fd-8574-c9d6a54e4010	af854a3a-2127-422b-91ae-364da2661108	N/A