[Vulnerability Alert] E-A-E Technologies | U-Office Force - 2 Vulnerabilities Exist (CVE-2025-12864)(CVE-2025-12865)

• Subject: [Vulnerability Alert] E-A-E Technologies | U-Office Force - 2 Vulnerabilities Exist (CVE-2025-12864)(CVE-2025-12865)

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202511-00000006
  • [E-A-E Technologies | U-Office Force - SQL Injection] (CVE-2025-12864, CVSS: 8.8) An authenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
  • [E-A-E Technologies | U-Office Force - SQL Injection] (CVE-2025-12865, CVSS: 8.8) An authenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • U-Office Force versions prior to 29.50 (exclusive)
• Recommended Measures:
  • Update to version 29.50 (inclusive) or later
• References:
  1. https://www.twcert.org.tw/tw/cp-132-10488-2df22-1.html

Computer and Communications Center
Network Systems Group