CVE-2025-8853 · CRITICAL 9.8 · EPSS p44.2%

Description

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 44.2% · 2026-06-19T12:03:05Z
Published: 2025-08-11
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-290

References

  1. https://www.chtsecurity.com/news/8618a2f0-390a-4506-9ff8-a9e74030d19e
  2. https://www.chtsecurity.com/news/a9a90f0b-c2cb-4c66-b3d1-bc7f252fd108
  3. https://www.twcert.org.tw/en/cp-139-10320-ad540-2.html
  4. https://www.twcert.org.tw/tw/cp-132-10319-adc18-1.html

Type: Weakness · Target: Authentication Bypass by Spoofing (cwe-290) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-2395
  2. CVE-2025-8093
  3. CVE-2025-11948
  4. CVE-2025-58587
  5. CVE-2025-8025
  6. CVE-2026-23595

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.