CVE-2025-8853 PUBLISHED

2100 Technology|Official Document Management System - Authentication Bypass

Assigner: twcert
Reserved: 11.08.2025 Published: 11.08.2025 Updated: 11.08.2025

Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor 2100 Technology
Product Official Document Management System
Versions Default: unaffected
  • Version 5.0.89.0 is affected
  • Version 5.0.89.1 is affected
  • Version 5.0.89.2 is affected

Solutions

Update to version 5.0.90 or later

References

Problem Types

  • CWE-290 Authentication Bypass by Spoofing CWE

Impacts

  • CAPEC-60 Reusing Session IDs (aka Session Replay)