CVE-2025-2395

Summary

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Affected Software

VendorProductVersion RangeStatus
e-ExcellenceU-Office Force0 < 28.0affected

Weaknesses

  • CWE-565: CWE-565 Reliance on Cookies without Validation and Integrity Checking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References