[VULNERABILITY ALERT] Quanta Computer | QOCA aim AI Medical Cloud Platform - Arbitrary File Upload (CVE-2025-15240)

• Subject: [VULNERABILITY ALERT] Quanta Computer | QOCA aim AI Medical Cloud Platform - Arbitrary File Upload (CVE-2025-15240)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000003
  • [Quanta Computer | QOCA aim AI Medical Cloud Platform - Arbitrary File Upload] (CVE-2025-15240, CVSS: 8.8) QOCA aim AI Medical Cloud Platform contains an Arbitrary File Upload vulnerability. An authenticated remote attacker can upload and execute web shell programs, thereby executing arbitrary code on the server side.
• Affected Platforms:
  • QOCA aim versions v2.7.5 (inclusive) and earlier
• Recommended Actions:
  • Please update to version v2.7.6 (inclusive) or later.
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html

Computer and Communication Center
Network Systems Division, Respectfully