{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11675", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2025-10-13T05:59:31.840Z", "datePublished": "2025-10-13T07:56:11.168Z", "dateUpdated": "2025-10-14T14:02:30.863Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Enterprise Cloud Database", "vendor": "Ragic", "versions": [{"status": "affected", "version": "0"}]}], "datePublic": "2025-10-13T07:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}], "value": "Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}], "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-10-13T07:56:11.168Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10423-a3861-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10424-4e42c-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please install the patch with version 2025/09/12 12:55:15 or later<br>"}], "value": "Please install the patch with version 2025/09/12 12:55:15 or later"}], "source": {"advisory": "TVN-202510003", "discovery": "EXTERNAL"}, "title": "Ragic\uff5cEnterprise Cloud Database - Arbitrary File Upload", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T14:02:22.520771Z", "id": "CVE-2025-11675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T14:02:30.863Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Ragic\uff5cEnterprise Cloud Database - Arbitrary File Upload", "source": {"advisory": "TVN-202510003", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ragic", "product": "Enterprise Cloud Database", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please install the patch with version 2025/09/12 12:55:15 or later", "supportingMedia": [{"type": "text/html", "value": "Please install the patch with version 2025/09/12 12:55:15 or later<br>", "base64": false}]}], "datePublic": "2025-10-13T07:48:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10423-a3861-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10424-4e42c-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.", "supportingMedia": [{"type": "text/html", "value": "Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-10-13T07:56:11.168Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-14T14:02:22.520771Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-10-14T14:02:27.705Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-11675", "state": "PUBLISHED", "dateUpdated": "2025-10-13T07:56:11.168Z", "dateReserved": "2025-10-13T05:59:31.840Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2025-10-13T07:56:11.168Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."}], "id": "CVE-2025-11675", "lastModified": "2025-10-14T19:36:29.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2025-10-13T08:15:41.137", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10424-4e42c-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10423-a3861-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"created": "2025-10-20T16:13:30.998561+00:00", "updated": "2025-10-20T16:13:30.998585+00:00", "vendors": ["ragic", "ragic$PRODUCT$enterprise_cloud_database"]}