[Vulnerability Alert] Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload

• Subject: [Vulnerability Alert] Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload
• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000013
  • [Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload] (CVE-2025-11948, CVSS: 9.8) The Pen-Yen Document Management System developed by Jayin Information has an Arbitrary File Upload vulnerability, allowing an unauthenticated remote attacker to upload and execute a web shell program, leading to arbitrary code execution on the server.
• Affected Platforms:
  • Pen-Yen Document Management System
• Recommended Action:
  • Please contact the vendor for an update
• Reference:
  • https://www.twcert.org.tw/tw/cp-132-10452-72cb6-1.html

Computer and Communications Center
Network Systems Group