CVE 8.7 HIGH

Quanta Computer｜QOCA aim AI Medical Cloud Platform – Arbitrary File Upload_CVE-2025-15240

January 5, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing authenticated remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2025-15240

Source twcert

Published Jan 5, 2026 at 08:18

Affected Product

Vendor Quanta Computer

Product QOCA aim AI Medical Cloud Platform

Affected Versions Quanta Computer QOCA aim AI Medical Cloud Platform 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Quanta Computer

Product QOCA aim AI Medical Cloud Platform

References

{
    "lastseen": "",
    "description": "QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-01-05T08:18:15.343Z",
    "modified": "2026-01-05T08:18:15.343Z",
    "type": "cve",
    "title": "Quanta Computer\uff5cQOCA aim AI Medical Cloud Platform - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html\nhttps://www.twcert.org.tw/en/cp-139-10616-cd942-2.html",
    "id": "CVE-2025-15240",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Quanta Computer QOCA aim AI Medical Cloud Platform 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QOCA aim AI Medical Cloud Platform",
    "version": "0",
    "vendor": "Quanta Computer",
    "ai_description": "Arbitrary File Upload vulnerability allowing authenticated remote attackers to upload and execute web shell backdoors",
    "ai_severity": "High",
    "ai_vendor": "Quanta Computer",
    "ai_product": "QOCA aim AI Medical Cloud Platform",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply