CVE 8.7 HIGH

e-Excellence｜U-Office Force – SQL Injection_CVE-2025-12865

November 10, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.

AI Analysis

SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands

Basic Information

ID CVE-2025-12865

Source twcert

Published Nov 10, 2025 at 02:19

Affected Product

Vendor e-Excellence

Product U-Office Force

Affected Versions e-Excellence U-Office Force 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor e-Excellence

Product U-Office Force

References

{
    "lastseen": "",
    "description": "U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.",
    "published": "2025-11-10T02:19:00.552Z",
    "modified": "2025-11-10T02:19:00.552Z",
    "type": "cve",
    "title": "e-Excellence\uff5cU-Office Force - SQL Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10488-2df22-1.html\nhttps://www.twcert.org.tw/en/cp-139-10489-a5a6d-2.html",
    "id": "CVE-2025-12865",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "e-Excellence U-Office Force 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "U-Office Force",
    "version": "0",
    "vendor": "e-Excellence",
    "ai_description": "SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands",
    "ai_severity": "High",
    "ai_vendor": "e-Excellence",
    "ai_product": "U-Office Force",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply