[Vulnerability Alert] Yuan-Gong Technology | ThinPLUS - OS Command Injection (CVE-2025-13284)

Posted Date: 2025/11/26

Subject: [Vulnerability Alert] Yuan-Gong Technology | ThinPLUS - OS Command Injection (CVE-2025-13284)
Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000014
- [Yuan-Gong Technology | ThinPLUS - OS Command Injection] (CVE-2025-13284, CVSS: 9.8) ThinPLUS developed by Yuan-Gong Technology has an OS Command Injection vulnerability that allows an unauthenticated remote attacker to inject arbitrary operating system commands and execute them on the server.
Affected Platforms:
- ThinPLUS
Recommended Measures:
- Contact the vendor for an update
References:
1. https://www.twcert.org.tw/tw/cp-132-10512-e196b-1.html

Computer and Communications Center
Network Systems Group