Use of Client-Side Authentication Vulnerability in CyberTutor's New Site Server
CVE-2025-12868

9.3CRITICAL

Key Information:

Vendor: Cybertutor
Status: New Site Server
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-12868?

The New Site Server developed by CyberTutor is susceptible to a client-side authentication vulnerability that enables unauthorized remote attackers to manipulate the frontend code. By doing so, they can gain elevated administrator privileges on the affected website, potentially compromising the integrity and security of the site. This vulnerability highlights the importance of secure coding practices and robust authentication mechanisms to mitigate unauthorized access risks.

Affected Version(s)

New Site Server 0

References

https://www.twcert.org.tw/tw/cp-132-10493-bf807-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10492-84a10-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Cybertutor

What is CVE-2025-12868?

Affected Version(s)

References

CVSS V4

Timeline