[Vulnerability Alert] All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials

Posted Date: 2025/09/04

Subject: [Vulnerability Alert] All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials
Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000003
- [All-in-One Software | Medical Records Document Scanning and Storage System - Hard-coded Credentials] (CVE-2025-8857, CVSS: 9.8) An unauthenticated remote attacker can use a hard-coded management account and password in the source code to log in to the system.
Affected Platforms:
- Medical Records Document Scanning and Storage System versions 2.4.23.2131 and earlier, excluding versions 1.5.x.x and 2.0.x.x
Recommended Measures:
- Update to version 2.4.23.2131 (exclusive) or later.
References:
- https://www.twcert.org.tw/tw/cp-132-10362-c6021-1.html

Computer and Communications Center
Network Systems Group