Forwarded by Taiwan Computer Network Crisis Response and Coordination Center TWCERTCC-200-202507-00000024

[Description]
[Ventem | Multifunctional Smart Campus Platform - Missing Authorization] (CVE-2025-8322, CVSS: 8.8) Ventem's Multifunctional Campus Platform has a Missing Authorization vulnerability. A remote attacker with normal user privileges can directly access administrator functions, including adding, modifying, and deleting accounts, and even elevate any account to system administrator.

[Ventem | Multifunctional Smart Campus Platform - Arbitrary File Upload] (CVE-2025-8323, CVSS: 8.8) Ventem's Multifunctional Campus Platform has an Arbitrary File Upload vulnerability. A remote attacker with normal user privileges can upload and execute a web backdoor program, thereby executing arbitrary code on the server.

[Affected Platform]
Multi-functional Smart Campus Platform

[Recommended Actions]
Schools operating the system on-site should contact Ventem to confirm the status of their updates. Alternatively, consider closing external services and limiting access to campus services only.

[References]
1. https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html
2. https://www.twcert.org.tw/tw/cp-132-10306-ccea7-1.html