CVE-2025-8913

9.8 CRITICAL

📋 TL;DR

CVE-2025-8913 is a critical Local File Inclusion vulnerability in WellChoose's Organization Portal System that allows unauthenticated remote attackers to execute arbitrary code on the server. This affects all organizations using the vulnerable software, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • WellChoose Organization Portal System
Versions: All versions prior to the patch
Operating Systems: Any OS running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations; no special configuration required for exploitation.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server takeover, with the attacker gaining administrative privileges, exfiltrating data, deploying ransomware, and installing a persistent backdoor.
🟠 Likely Case: Unauthenticated attackers execute arbitrary code to steal sensitive data, deploy malware, or pivot to internal networks.
🟢 If Mitigated: With proper network segmentation and WAF rules, impact is limited to an isolated web server compromise.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation allows direct attack from anywhere on the internet.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but external threat is more significant.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple LFI to RCE chain with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10325-70192-2.html

Restart Required: Yes

Instructions:

1. Download the latest patched version from the vendor.
2. Back up the current installation.
3. Apply the patch according to the vendor instructions.
4. Restart the web service.
5. Verify the fix.

🔧 Temporary Workarounds

WAF Rule Implementation

Platform: all

Block LFI patterns in web requests

# Example ModSecurity rule: deny any request whose arguments contain "../".
# ARGS is already URL-decoded once by the engine; t:urlDecodeUni decodes a second
# layer so double-encoded sequences (%252e%252e%252f) are also caught.
SecRule ARGS "\.\./" "id:1001,phase:2,t:urlDecodeUni,deny,msg:'Path Traversal Attempt'"

Disable PHP File Inclusion Functions

Platform: linux

Restrict dangerous PHP functions via php.ini

; php.ini: disable_functions only affects real functions. include, require,
; include_once and require_once are language constructs and are not affected
; by this directive; of the names listed below only file_get_contents is.
disable_functions = include,require,include_once,require_once,file_get_contents

🧯 If You Can't Patch

  • Isolate affected system in separate network segment with strict firewall rules
  • Implement application-level input validation to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Test for LFI by attempting to include local files via vulnerable parameters

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Attempt exploitation after patch; successful patch should block file inclusion attempts

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests with '../' patterns
  • Unusual file access attempts in web logs
  • PHP error logs showing file inclusion failures

Network Indicators:

  • HTTP requests containing path traversal sequences
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND ("../" OR "..\\" OR "php://" OR "file://")
