ISSDU Security Advisory – CVE Research and Vulnerability Disclosure

2026/06/30

ISSDU Security Advisory – CVE Research and Vulnerability Disclosure

數聯資安研究團隊持續投入漏洞挖掘與安全研究，近期陸續發現多項安全弱點，並完成通報與協調揭露程序取得 CVE 編號，相關資訊已公開於 TWCERT/CC 平台。本次公告漏洞涵蓋企業應用系統、網路服務及資訊設備等範疇，提醒相關使用者儘速確認受影響範圍並完成修補作業。

The ISSDU Security Research Team continues to invest in vulnerability discovery and cybersecurity research. Recently, the team identified multiple security vulnerabilities and successfully completed the responsible disclosure and coordination process, resulting in the assignment of CVE identifiers. Relevant vulnerability information has been publicly disclosed through the TWCERT/CC platform.

本文資訊將持續更新，以協助企業掌握最新漏洞風險與修補建議：

This advisory will be continuously updated to help organizations stay informed of the latest vulnerability risks and recommended remediation measures.

CVE ID	Public Date	CVSS	Affected Products	Credit	TWCERT/CC link
CVE-2025-8861	2025-08-29	9.8 (Critical)	Changing｜TSA - Missing Authentication	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-10361-4ce04-2.html
CVE-2025-4558	2025-05-12	9.8 (Critical)	WormHole Tech GPM - Unverified Password Change	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
CVE-2025-4559	2025-05-12	9.8 (Critical)	Netvision ISOinsight - SQL Injection	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-10117-57344-2.html
CVE-2025-2585	2025-03-21	8.8 (High)	EBM Maintenance Center - SQL injection	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-10022-8e28e-2.html
CVE-2025-0455	2025-01-15	9.8 (Critical)	NetVision Information airPASS - SQL injection	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-8358-143bc-2.html
CVE-2025-0456	2025-01-15	9.8 (Critical)	NetVision Information airPASS - Missing Authentication	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-8360-e97b8-2.html
CVE-2025-0457	2025-01-15	8.8 (High)	NetVision Information airPASS - OS Command Injection	ISSDU Security Member	https://www.twcert.org.tw/en/cp-139-8362-efb33-2.html

在 部落格

讓數聯資安協助您

​資安觀點​

ISSDU Security Advisory – CVE Research and Vulnerability Disclosure

本文資訊將持續更新，以協助企業掌握最新漏洞風險與修補建議：

CVE ID

Public Date

CVSS

Affected Products

Credit

TWCERT/CC link

CVE-2025-8861

2025-08-29

9.8 (Critical)

Changing｜TSA - Missing Authentication

ISSDU Security Member

CVE-2025-4558

2025-05-12

9.8 (Critical)

WormHole Tech GPM - Unverified Password Change

ISSDUSecurity Member

CVE-2025-4559

2025-05-12

9.8 (Critical)

Netvision ISOinsight - SQL Injection

ISSDU Security Member

CVE-2025-2585

2025-03-21

8.8 (High)

EBM Maintenance Center - SQL injection

ISSDU Security Member

CVE-2025-0455

2025-01-15

9.8 (Critical)

NetVision Information airPASS - SQL injection

ISSDU Security Member

CVE-2025-0456

2025-01-15

9.8 (Critical)

NetVision Information airPASS - Missing Authentication

ISSDU Security Member

CVE-2025-0457

2025-01-15

8.8 (High)

NetVision Information airPASS - OS Command Injection

ISSDU Security Member

資安觀點

ISSDU
Security Member

ISSDU
Security Member

ISSDU
Security Member

ISSDU
Security Member

ISSDU
Security Member

ISSDU
Security Member

ISSDU
Security Member