Simopro Technology｜WinMatrix3 Web package – Arbitrary File Upload_CVE-2025-7917

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Basic Information

ID CVE-2025-7917

Source twcert

Published Jul 21, 2025 at 06:08

Modified Jul 21, 2025 at 15:39

Affected Product

Vendor Simopro Technology

Product WinMatrix3 Web package

Affected Versions Simopro Technology WinMatrix3 Web package 0

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2025-07-21T06:08:38.612Z",
    "modified": "2025-07-21T15:39:46.038Z",
    "type": "cve",
    "title": "Simopro Technology\uff5cWinMatrix3 Web package - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10258-16bbf-1.html\nhttps://www.twcert.org.tw/en/cp-139-10263-5f2e7-2.html",
    "id": "CVE-2025-7917",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Simopro Technology WinMatrix3 Web package 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WinMatrix3 Web package",
    "version": "0",
    "vendor": "Simopro Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}