[Vulnerability Alert] WinMatrix3 Web Suite Developed by Daryang Tech Has an SQL Injection Vulnerability

• Subject: [Vulnerability Alert] WinMatrix3 Web Suite Developed by Daryang Tech Has an SQL Injection Vulnerability

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000016
  • [Daryang Tech | WinMatrix3 Web Suite - SQL Injection] (CVE-2025-7918, CVSS: 9.8) The WinMatrix3 Web Suite developed by Daryang Tech has an SQL Injection vulnerability. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • WinMatrix Web 1.2.39.5 (inclusive) and earlier versions
• Recommended Action:
  • Update AP to 3.852.5 (Web 1.2.39.5) and install the hotfix, or update AP to 3.9.1 (Web 1.3.1) (inclusive) and later versions
• References:
  • https://www.twcert.org.tw/tw/cp-132-10259-b4b38-1.html

Computer and Communications Center
Network Systems Group