News | SOUTHERN TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY Library and Information Services

:::

[Security Vulnerability Alert] Hundred Plus | EIP Plus - Weak Password Recovery Mechanism (CVE-2025-12866)

Type：行政公告

Pubish Date：2025/11/13 至 2026/05/13

Visitors：79

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202511-00000007

[Content Description]
【Hundred Plus | EIP Plus - Weak Password Recovery Mechanism】(CVE-2025-12866, CVSS: 9.8) An unauthenticated remote attacker can predictably or brute-force a forgotten password link, thereby successfully changing the password of any user.

[Affected Platforms]
EIP Plus versions prior to RELEASE_240626 (excluding)

[Recommended Actions]
Update to RELEASE_240626 or later

[References]
1. https://www.twcert.orgtw/tw/cp-132-10490-2534b-1.html

相關附件

參考資料

返回列表