Posted Date: 2025/11/12

[Vulnerability Alert] E-A-E Technologies | U-Office Force - 2 Vulnerabilities Exist (CVE-2025-12864)(CVE-2025-12865)

  • Subject: [Vulnerability Alert] E-A-E Technologies | U-Office Force - 2 Vulnerabilities Exist (CVE-2025-12864)(CVE-2025-12865)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202511-00000006
    • [E-A-E Technologies | U-Office Force - SQL Injection] (CVE-2025-12864, CVSS: 8.8) An authenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
    • [E-A-E Technologies | U-Office Force - SQL Injection] (CVE-2025-12865, CVSS: 8.8) An authenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
  • Affected Platforms:
    • U-Office Force versions prior to 29.50 (exclusive)
  • Recommended Measures:
    • Update to version 29.50 (inclusive) or later
  • References:
    1. https://www.twcert.org.tw/tw/cp-132-10488-2df22-1.html

Computer and Communications Center
Network Systems Group