POSTING DATE: 2026/01/06

[VULNERABILITY ALERT] Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload (CVE-2025-15228)

  • Subject: [VULNERABILITY ALERT] Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload (CVE-2025-15228)


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000017
    • [Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload] (CVE-2025-15228, CVSS: 9.8) BPMFlowWebkit contains an Arbitrary File Upload vulnerability. A remote unauthenticated attacker can upload and execute web shells, thereby executing arbitrary code on the server.
  • Affected Platforms:
    • BPMFlowWebkit versions prior to 5.0.5 (exclusive)
  • Recommended Actions:
    • Please update to version 5.0.5 (inclusive) or later.
  • Reference Material:
    1. https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html

Computer and Communication Center
Network Systems Division, Respectfully