CVE 9.3 CRITICAL

ThinPLUS｜ThinPLUS – OS Command Injection_CVE-2025-13284

November 17, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

AI Analysis

OS Command Injection vulnerability allowing remote attackers to inject and execute arbitrary OS commands

Basic Information

ID CVE-2025-13284

Source twcert

Published Nov 17, 2025 at 03:37

Affected Product

Vendor ThinPLUS

Product ThinPLUS

Affected Versions ThinPLUS ThinPLUS 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor ThinPLUS

Product ThinPLUS

References

{
    "lastseen": "",
    "description": "ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.",
    "published": "2025-11-17T03:37:15.767Z",
    "modified": "2025-11-17T03:37:15.767Z",
    "type": "cve",
    "title": "ThinPLUS\uff5cThinPLUS - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10512-e196b-1.html\nhttps://www.twcert.org.tw/en/cp-139-10513-0d82b-2.html",
    "id": "CVE-2025-13284",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "ThinPLUS ThinPLUS 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ThinPLUS",
    "version": "0",
    "vendor": "ThinPLUS",
    "ai_description": "OS Command Injection vulnerability allowing remote attackers to inject and execute arbitrary OS commands",
    "ai_severity": "Critical",
    "ai_vendor": "ThinPLUS",
    "ai_product": "ThinPLUS",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply