CNNVD-202507-2606 Information

CNNVD ID

CNNVD-202507-2606

Related CVE

CVE-2025-7344

• CNNVD Published: 2025-07-21

Description (Chinese)

Digiwin EAI是中国鼎捷（Digiwin）公司的一个跨系统数据交换与自动化平台。 Digiwin EAI存在安全漏洞，该漏洞源于特定API存在权限提升问题，可能导致远程攻击者将权限提升至管理员级别。

Description (English)

Digiwin EAI is a cross-system data exchange and automation platform for the company Digiwin in China. There is a security loophole in digiwin EAI, which stems from the problem of a specific API with increased authority, which may result in remote attackers moving it to the administrator level.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

鼎捷

Published

2025-07-21

Last Modified

2026-02-24

References

https://www.digiwin.com/tw/news/3567.html https://www.twcert.org.tw/en/cp-139-10273-ce2ed-2.html https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html

Patch

https://www.digiwin.com/tw/news/3567.html