[Vulnerability Alert] All-in-One Software | Timestamp Server (TSA) - Missing Authentication

• Subject: [Vulnerability Alert] All-in-One Software | Timestamp Server (TSA) - Missing Authentication
• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000002
  • [All-in-One Software | Timestamp Server (TSA) - Missing Authentication] (CVE-2025-8861, CVSS: 9.8) A Missing Authentication vulnerability exists in the Timestamp Server (TSA) developed by All-in-One Software, allowing an unauthenticated remote attacker to use developer tools to read, modify, and delete database content.
• Affected Platforms:
  • Timestamp Server (TSA), only affected if purchased before 2025/2/6
• Recommended Measures:
  • Contact the vendor to confirm if the patch has been completed.
• References:
  • https://www.twcert.org.tw/tw/cp-132-10360-012e7-1.html

Computer and Communications Center
Network Systems Group