CVE 9.3 CRITICAL

WELLTEND TECHNOLOGY｜ BPMFlowWebkit – Arbitrary File Upload_CVE-2025-15228

December 29, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2025-15228

Source twcert

Published Dec 29, 2025 at 07:18

Affected Product

Vendor WELLTEND TECHNOLOGY

Product BPMFlowWebkit

Affected Versions WELLTEND TECHNOLOGY BPMFlowWebkit 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor WELLTEND TECHNOLOGY

Product BPMFlowWebkit

References

{
    "lastseen": "",
    "description": "BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2025-12-29T07:18:59.303Z",
    "modified": "2025-12-29T07:18:59.303Z",
    "type": "cve",
    "title": "WELLTEND TECHNOLOGY\uff5c BPMFlowWebkit - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html\nhttps://www.twcert.org.tw/en/cp-139-10605-426b6-2.html",
    "id": "CVE-2025-15228",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "WELLTEND TECHNOLOGY BPMFlowWebkit 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BPMFlowWebkit",
    "version": "0",
    "vendor": "WELLTEND TECHNOLOGY",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors",
    "ai_severity": "Critical",
    "ai_vendor": "WELLTEND TECHNOLOGY",
    "ai_product": "BPMFlowWebkit",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply