CHT Security Red Team Discovered Vulnerability in Well-Known Enterprise Information Portal.

Summary

The Red Team of CHT Security discovered two vulnerabilities (CVE-2025-12866, CVE-2025-12867) in a well-known domestic collaboration platform, including an arbitrary password reset weakness, affecting domestic enterprises.

Vulnerability List

  1. An attacker, without logging in, can obtain a password reset link through specific packets after sending a password reset request. This vulnerability can be classified under CWE-640: Weak Password Recovery Mechanism for Forgotten Password.
  2. An attacker, with administrator privileges, can execute arbitrary PHP code through specific packets. This vulnerability can be classified under CWE-94: Improper Control of Generation of Code ('Code Injection').


Details

1. Arbitrary User Password Reset

Description

The password recovery function is implemented insecurely.

Impact

An unauthenticated user can exploit this to reset any user's password and gain access. 

Known Affected Software

  • Unknown

Credits

  • TsungShu Chiu (CHT Security)


2. Code Injection

Description

A specific function, which can only be used by administrators, contains a code injection vulnerability.

Impact

An attacker with administrator permissions can exploit this vulnerability to execute arbitrary PHP code.

Known Affected Software

  • Unknown

Credits

  • Yu Ze Huang (CHT Security)