Date Posted: 2025/07/25
[Vulnerability Alert] Insecure Deserialization Vulnerability in WinMatrix3 Application Server Developed by Dayang Technology
- Subject: [Vulnerability Alert] Insecure Deserialization Vulnerability in WinMatrix3 Application Server Developed by Dayang Technology
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000015
- [Dayang Technology | WinMatrix3 - Insecure Deserialization] (CVE-2025-7916, CVSS: 9.8) An insecure deserialization vulnerability exists in the server-side of the WinMatrix3 application developed by Dayang Technology. Unauthenticated remote attackers can execute arbitrary code on the server by sending malicious serialized content.
- Affected Platforms:
- WinMatrix AP versions 3.8.52.5 (inclusive) and earlier
- Recommended Action:
- Update AP to 3.8.52.5 (Web 1.2.39.5) and install the hotfix, or update AP to version 3.9.1 (Web 1.3.1) (inclusive) and later.
- References:
Computer and Communications Center
Network Systems Group
