[Vulnerability Alert] All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials

• Subject: [Vulnerability Alert] All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials
• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000003
  • [All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials] (CVE-2025-8857, CVSS: 9.8) An unauthenticated remote attacker can use a hard-coded management account and password in the source code to log in to the system.
• Affected Platforms:
  • Medical Records Document Scanning and Storage System versions 2.4.23.2131 and earlier, excluding versions 1.5.x.x and 2.0.x.x
• Recommended Measures:
  • Update to version 2.4.23.2131 (exclusive) or later.
• References:
  • https://www.twcert.org.tw/tw/cp-132-10362-c6021-1.html

Computer and Communications Center
Network Systems Group