[VULNERABILITY ALERT] Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload (CVE-2025-15228)

• Subject: [VULNERABILITY ALERT] Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload (CVE-2025-15228)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000017
  • [Grand-Tek Enterprise North Project Technical Department | Arbitrary File Upload] (CVE-2025-15228, CVSS: 9.8) BPMFlowWebkit contains an Arbitrary File Upload vulnerability. A remote unauthenticated attacker can upload and execute web shells, thereby executing arbitrary code on the server.
• Affected Platforms:
  • BPMFlowWebkit versions prior to 5.0.5 (exclusive)
• Recommended Actions:
  • Please update to version 5.0.5 (inclusive) or later.
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html

Computer and Communication Center
Network Systems Division, Respectfully