CVE 8.6 HIGH

Hundred Plus｜EIP Plus – Arbitrary File Uplaod_CVE-2025-12867

November 10, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors for arbitrary code execution

Basic Information

ID CVE-2025-12867

Source twcert

Published Nov 10, 2025 at 03:02

Affected Product

Vendor Hundred Plus

Product EIP Plus

Affected Versions Hundred Plus EIP Plus 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Hundred Plus

Product EIP Plus

References

{
    "lastseen": "",
    "description": "EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2025-11-10T03:02:49.313Z",
    "modified": "2025-11-10T03:02:49.313Z",
    "type": "cve",
    "title": "Hundred Plus\uff5cEIP Plus - Arbitrary File Uplaod",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html\nhttps://www.twcert.org.tw/en/cp-139-10491-004b0-2.html",
    "id": "CVE-2025-12867",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Hundred Plus EIP Plus 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EIP Plus",
    "version": "0",
    "vendor": "Hundred Plus",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors for arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "Hundred Plus",
    "ai_product": "EIP Plus",
    "ai_version": "0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply