CVE-2025-13283
📋 TL;DR
TenderDocTransfer software has two critical vulnerabilities: lack of CSRF protection allows unauthenticated remote attackers to trigger API calls via phishing, and an absolute path traversal vulnerability in one API enables arbitrary file copying and pasting on the user's system. This affects all users running the vulnerable TenderDocTransfer application. Attackers can steal sensitive files or consume disk space through mass file copying.
💻 Affected Systems
- TenderDocTransfer
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through theft of sensitive files (passwords, documents, credentials) and denial of service via disk space exhaustion from mass file copying.
Likely Case
Targeted information theft of specific documents or files through phishing attacks, potentially leading to data breaches.
If Mitigated
Limited impact with proper network segmentation and user awareness preventing successful phishing attempts.
🎯 Exploit Status
Exploitation requires user interaction via phishing but uses simple API calls with path traversal.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check vendor advisory
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10511-10f3a-2.html
Restart Required: Yes
Instructions:
1. Check the Chunghwa Telecom advisory for the patched version.
2. Download and install the latest version from official vendor sources.
3. Restart the application and any associated services.
🔧 Temporary Workarounds
Network Isolation
Block the application's web server ports from external networks
Windows: netsh advfirewall firewall add rule name="Block TenderDocTransfer" dir=in action=block protocol=TCP localport=[PORT]
Application Firewall Rules
Restrict which processes can communicate with the TenderDocTransfer web server
🧯 If You Can't Patch
- Uninstall TenderDocTransfer if not critically needed
- Implement strict network segmentation to isolate systems running the vulnerable application
🔍 How to Verify
Check if Vulnerable:
Check if TenderDocTransfer is running and accessible on local network ports (typically 8080 or similar). Test API endpoints for CSRF protection and path traversal.
Check Version:
Check application interface or installation directory for version information
Verify Fix Applied:
Verify installed version matches patched version from vendor advisory. Test that API endpoints now require authentication and reject path traversal attempts.
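The check that "reject path traversal attempts" refers to, as an added example that is not TenderDocTransfer's code or anything from the vendor advisory: a file-copy API that only accepts paths relative to one allowed folder and refuses absolute input, `..` components, and anything that resolves outside that folder. The folder layout, file names and the `resolve_within`/`safe_copy` helpers are assumptions for illustration.

```python
"""
Added example (not TenderDocTransfer's code): confining an API-supplied
file path to one allowed folder, which is the check an absolute path
traversal bug like the one described above lacks. Folder names are assumed.
"""
import shutil
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


class PathRejected(ValueError):
    """Raised when a caller-supplied path would leave the allowed folder."""


def resolve_within(base, user_path: str) -> Path:
    """Return base/user_path as an absolute path, or raise PathRejected.

    Rejects absolute or rooted input under both Windows and POSIX rules
    (so the check does not depend on the host it runs on), any '..'
    component, and anything that resolves (e.g. via a symlink) outside base.
    """
    win, posix = PureWindowsPath(user_path), PurePosixPath(user_path)
    if win.is_absolute() or win.drive or win.root or posix.is_absolute():
        raise PathRejected(f"absolute path not accepted: {user_path!r}")
    if ".." in win.parts or ".." in posix.parts:
        raise PathRejected(f"parent reference not accepted: {user_path!r}")
    base_resolved = Path(base).resolve()
    candidate = (base_resolved / user_path).resolve()
    # resolve() follows symlinks, so a link inside base that points
    # elsewhere is caught here as well.
    if not candidate.is_relative_to(base_resolved):
        raise PathRejected(f"path escapes allowed folder: {user_path!r}")
    return candidate


def safe_copy(base, src: str, dst: str) -> Path:
    """Copy src to dst, both interpreted relative to base, never outside it."""
    s, d = resolve_within(base, src), resolve_within(base, dst)
    d.parent.mkdir(parents=True, exist_ok=True)  # d is inside base, so is its parent
    shutil.copyfile(s, d)
    return d


def is_rejected(base, user_path: str) -> bool:
    """True if resolve_within refuses user_path for this base folder."""
    try:
        resolve_within(base, user_path)
    except PathRejected:
        return True
    return False


def run_demo() -> dict:
    """Exercise the check in a throwaway folder with constructed input."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "documents"          # assumed allowed folder
        base.mkdir()
        (base / "tender.pdf").write_bytes(b"constructed sample content")
        copied = safe_copy(base, "tender.pdf", "out/tender-copy.pdf")
        # Constructed inputs an attacker-controlled caller might send; each
        # must be refused before any file system access happens.
        probes = (r"C:\Windows\win.ini", "/etc/passwd", "../secrets.txt",
                  r"..\..\secrets.txt", r"\\server\share\x", "C:rel.txt")
        return {
            "copied_inside_base": copied.is_relative_to(base.resolve()),
            "copy_matches": copied.read_bytes() == b"constructed sample content",
            "rejected": [p for p in probes if is_rejected(base, p)],
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two pure-path interpretations matter because a Windows client path such as `..\..\x` is a single ordinary file name under POSIX rules; checking both means the rejection does not silently weaken when the check runs on a different platform than the one the attacker assumes.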
📡 Detection & Monitoring
Log Indicators:
- Unusual file copy operations from TenderDocTransfer process
- Access to sensitive system paths by the application
- Multiple failed API authentication attempts
Network Indicators:
- External IP addresses accessing TenderDocTransfer APIs
- Unusual traffic patterns to the application's web server port
SIEM Query:
process_name:"TenderDocTransfer" AND (file_copy_operation OR path_traversal_pattern)
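The SIEM query above expressed as runnable detection logic, as an added example that is not part of the advisory or any vendor tooling. The log line format, the field names (`proc`, `event`, `src`, `dst`, `client`), the application's document folder, the internal network ranges and the mass-copy threshold are all assumptions; the log lines are constructed sample data covering the three indicator classes listed above (copies outside the document folder, external clients, and a burst of copies).

```python
"""
Added detection example (not part of the advisory): flags file-copy
operations from the TenderDocTransfer process that touch paths outside
its document folder, API access from outside the internal ranges, and
mass copying. Log format, field names and folder/IP ranges are assumed.
"""
import ipaddress
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed: the application is only expected to copy files under this folder.
APP_DOC_ROOT = PureWindowsPath(r"C:\TenderDocTransfer\Documents")
# Assumed site-internal ranges; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]
MASS_COPY_THRESHOLD = 5  # file copies from one client in the sample window

# key=value records, with double-quoted values allowed to contain spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log; not real TenderDocTransfer output.
SAMPLE_LOG = [
    r'2025-11-20T10:00:01Z proc=TenderDocTransfer.exe event=api_call api=ping client=127.0.0.1',
    r'2025-11-20T10:00:05Z proc=TenderDocTransfer.exe event=file_copy src="C:\TenderDocTransfer\Documents\tender.pdf" dst="C:\TenderDocTransfer\Documents\out\tender.pdf" client=127.0.0.1',
    r'2025-11-20T10:01:10Z proc=TenderDocTransfer.exe event=file_copy src="C:\Users\alice\Documents\payroll.xlsx" dst="C:\TenderDocTransfer\Documents\out\p.xlsx" client=127.0.0.1',
    r'2025-11-20T10:01:12Z proc=TenderDocTransfer.exe event=api_call api=ping client=203.0.113.7',
    r'2025-11-20T10:02:00Z proc=explorer.exe event=file_copy src="C:\Users\alice\a.txt" dst="D:\b.txt" client=-',
] + [
    rf'2025-11-20T10:03:{i:02d}Z proc=TenderDocTransfer.exe event=file_copy src="C:\TenderDocTransfer\Documents\big.iso" dst="C:\TenderDocTransfer\Documents\copy{i}.iso" client=198.51.100.9'
    for i in range(5)
]


def parse_line(line: str):
    """Turn a key=value record into a dict; None if nothing parses."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(line)}
    return fields or None


def outside_doc_root(path_str: str) -> bool:
    """True when a Windows path is not under APP_DOC_ROOT."""
    try:
        PureWindowsPath(path_str).relative_to(APP_DOC_ROOT)
    except ValueError:
        return True
    return False


def is_external(client: str) -> bool:
    """True unless the client address falls in an assumed internal range."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return False  # '-' or missing: local process activity, not an API client
    return not any(ip in net for net in INTERNAL_NETS)


def analyze(lines):
    """Return one alert dict per matched indicator over the given log lines."""
    alerts = []
    copies_per_client = Counter()
    for n, line in enumerate(lines, 1):
        ev = parse_line(line)
        if not ev or ev.get("proc") != "TenderDocTransfer.exe":
            continue
        client = ev.get("client", "")
        if is_external(client):
            alerts.append({"line": n, "rule": "external_api_access", "client": client})
        if ev.get("event") == "file_copy":
            copies_per_client[client] += 1
            for role in ("src", "dst"):
                if role in ev and outside_doc_root(ev[role]):
                    alerts.append({"line": n, "rule": "path_outside_doc_root",
                                   "role": role, "path": ev[role]})
    for client, count in copies_per_client.items():
        if count >= MASS_COPY_THRESHOLD:
            alerts.append({"line": None, "rule": "mass_file_copy",
                           "client": client, "count": count})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Over the constructed sample this yields one path alert (the payroll spreadsheet copied from a user profile), six external-client alerts (one probe from 203.0.113.7 and five copies from 198.51.100.9) and one mass-copy alert for the latter client; the copy by `explorer.exe` is ignored because the rule is scoped to the TenderDocTransfer process, matching the `process_name` term of the SIEM query.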