[Vulnerability Alert] Yuan-Gong Technology | ThinPLUS - OS Command Injection (CVE-2025-13284)

• Subject: [Vulnerability Alert] Yuan-Gong Technology | ThinPLUS - OS Command Injection (CVE-2025-13284)
• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000014
  • [Yuan-Gong Technology | ThinPLUS - OS Command Injection] (CVE-2025-13284, CVSS: 9.8) ThinPLUS developed by Yuan-Gong Technology has an OS Command Injection vulnerability that allows an unauthenticated remote attacker to inject arbitrary operating system commands and execute them on the server.
• Affected Platforms:
  • ThinPLUS
• Recommended Measures:
  • Contact the vendor for an update
• References:
  1. https://www.twcert.org.tw/tw/cp-132-10512-e196b-1.html

Computer and Communications Center
Network Systems Group