Vulnerabilities

CVE-2025-13283 - Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Copy and Paste

2025-11-17 0 views admin

CVE ID : CVE-2025-13283 Published : Nov. 17, 2025, 3:30 a.m. | 38 minutes ago Description : TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user's system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-13283

Severity

HIGH

Published

Nov. 17, 2025

Attack Vector: local

Impact: CSRF

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-13283high

CVE-2025-13283 - Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Copy and Paste

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15411 - WebAssembly wabt wasm-decompile InsertNode memory corruption

CVE-2025-15413 - wasm3 m3_exec.h op_CallIndirect memory corruption

CVE-2025-15412 - WebAssembly wabt wasm-decompile VarName out-of-bounds

CVE-2025-15408 - code-projects Online Guitar Store Create_product.php sql injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting