CVE-2025-13283

Name of the Vulnerable Software and Affected Versions Chunghwa Telecom TenderDocTransfer (affected versions not specified)

Description The application establishes a local web server and offers APIs for communication. A lack of CSRF protection in the APIs allows unauthenticated remote attackers to execute actions through phishing. An Absolute Path Traversal vulnerability exists within one of the APIs, enabling attackers to copy arbitrary files from the user's system and paste them into any location. This could lead to information disclosure or excessive hard drive usage.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.