CVE Alert: CVE-2025-12865 – e-Excellence – U-Office Force
CVE-2025-12865
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing an authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.
AI Summary Analysis
Risk verdict
High risk: network-accessible SQL injection in U-Office Force allows an authenticated attacker to read, modify or delete database contents.
Why this matters
The vulnerability scores highly across CVSS metrics (high impact to confidentiality, integrity and availability) and is exploitable remotely with low privileges. That combination enables serious data tampering or exfiltration, potential service disruption, and regulatory or reputational damage if sensitive data is exposed. Patch adoption to 29.50+ is essential to mitigate.
Most likely attack path
Exploitation requires only network access to the vulnerable component and valid credentials (low privileges). No user interaction is needed, and attack complexity is low, enabling arbitrary SQL execution against the backend database. Successful exploitation could lead to data leakage, modification, or deletion, with limited but possible lateral movement within the database environment depending on granted privileges.
Who is most exposed
Most exposed are organisations running U-Office Force on-premises or in hosted environments where the web interface is publicly reachable or inadequately protected. Small to mid-sized deployments, which are common in practice, may lack hardened access controls or routine patching.
Detection ideas
- Logs show injection-like queries (e.g., UNION SELECT, tautological or malformed WHERE clauses).
- Unusual or elevated DB activity from application accounts.
- Spike in failed/successful login attempts from unknown networks.
- WAF/IPS triggers for SQLi patterns on the app endpoints.
- Sudden data volume changes or unexpected row modifications in critical tables.
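As an added illustration of the first two detection ideas (this is not code from the advisory or from e-Excellence), the following Python applies those heuristics to constructed access-log lines and flags accounts with repeated hits; the log layout, the field names, the sample entries and the threshold are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines, not from any real U-Office Force deployment.
# Assumed field layout: client_ip account "METHOD path HTTP/1.1" status
SAMPLE_LOG = """\
203.0.113.7 alice "GET /app/search?q=quarterly+report HTTP/1.1" 200
203.0.113.9 bob "GET /app/search?q=x%27+UNION+SELECT+1%2C2%2C3-- HTTP/1.1" 200
203.0.113.9 bob "GET /app/doc?id=5+OR+1%3D1 HTTP/1.1" 200
203.0.113.4 carol "GET /app/doc?id=42 HTTP/1.1" 200
203.0.113.9 bob "GET /app/doc?id=7%3B+DELETE+FROM+docs HTTP/1.1" 500
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$')

# Heuristics for the "injection-like queries" bullet: UNION SELECT, tautological comparisons,
# stacked statements, trailing comment markers. Run on the decoded, lower-cased query string.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "tautology": re.compile(r"\b(\w+)\s*=\s*\1\b|\bor\s+true\b"),
    "stacked_query": re.compile(r";\s*(drop|delete|update|insert|alter)\b"),
    "comment_terminator": re.compile(r"(--|/\*|#)\s*$"),
}

def normalise_query(path):
    """URL-decode the query string twice (defeats double encoding), collapse whitespace, lower-case."""
    query = path.split("?", 1)[1] if "?" in path else ""
    decoded = unquote_plus(unquote_plus(query))
    return re.sub(r"\s+", " ", decoded).strip().lower()

def scan_log(text):
    """Return one finding per log line whose query string triggers at least one heuristic."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed layout
        query = normalise_query(m["path"])
        hits = [name for name, rx in SQLI_PATTERNS.items() if rx.search(query)]
        if hits:
            findings.append({"ip": m["ip"], "user": m["user"], "path": m["path"], "indicators": hits})
    return findings

def repeat_offenders(findings, threshold=2):
    """Accounts with repeated hits: the 'unusual DB activity from application accounts' bullet."""
    counts = Counter(f["user"] for f in findings)
    return sorted(user for user, n in counts.items() if n >= threshold)
```

The patterns are deliberately coarse; in production they belong in the WAF or SIEM rule set and should be tuned against the application's legitimate query parameters to keep false positives down.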
Mitigation and prioritisation
- Apply patch to 29.50 or later; verify in staging before production.
- Enforce least privilege for the DB user used by the application; restrict direct DB access.
- Implement input validation and ensure the application uses parameterised queries.
- Enable and tune SQLi-focused monitoring, logging, and alerting; review recent DB activity.
- Plan change management: schedule patch window, communicate to stakeholders, and verify rollback procedures.