轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202507-00000019
[內容說明]
【鼎新數智|互聯中台 - Privilege Escalation】(CVE-2025-7344,CVSS:8.8) 鼎新數智開發之互聯中台存在Privilege Escalation漏洞,已經取得一般權限之遠端攻擊者可利用特定API取得管理員權限。
[影響平台]
互聯中台 2.5.1 build 0161(含)以下版本
[建議措施]
更新至2.3.2 build 0115(含)以上版本並安裝修補程式KB202504001
[參考資料]
https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html
Forwarded by Taiwan Computer Network Crisis Management and Coordination Center TWCERTCC-200-202507-00000019
[Content Description]
[Data Systems Co., Ltd. (Digiwin)|Internet Middle Platform - Privilege Escalation] (CVE-2025-7344, CVSS: 8.8) The Internet Middle Platform developed by Data Systems Co., Ltd. (Digiwin) has a Privilege Escalation vulnerability. Remote attackers who have obtained general permissions can use specific APIs to obtain administrator permissions.
[Affected Platform]
Internet Middle Platform 2.5.1 build 0161 (inclusive) and below
[Recommended Measures]
Update to 2.3.2 build 0115 (inclusive) and above and install the patch KB202504001
[References]
https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html