[Vulnerability Alert] Privilege Escalation Vulnerability Exists in the Connected Middleware Developed by Digital China

Date Posted: 2025/07/31

Subject: [Vulnerability Alert] Privilege Escalation Vulnerability Exists in the Connected Middleware Developed by Digital China

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000019
- [Digital China | Connected Middleware - Privilege Escalation] (CVE-2025-7344, CVSS: 8.8) A privilege escalation vulnerability exists in the connected middleware developed by Digital China. A remote attacker who has obtained general permissions can exploit specific APIs to gain administrator privileges.
Affected Platforms:
- Connected Middleware version 2.5.1 build 0161 (inclusive) and earlier
Recommended Action:
- Update to version 2.3.2 build 0115 (inclusive) or later and install patch KB202504001
References:
- https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html

Computer and Communications Center
Network Systems Group