Reflected Cross-site Scripting Vulnerability in WinMatrix3 by Simopro Technology
CVE-2025-7920

6.1MEDIUM

Key Information:

Vendor: Simopro Technology
Status: Winmatrix3 Web Package
Vendor: CVE Published:; 21 July 2025

🔔 Create Simopro Technology Vulnerability Alert

What is CVE-2025-7920?

The WinMatrix3 web package, developed by Simopro Technology, is vulnerable to reflected cross-site scripting attacks. This vulnerability permits unauthenticated remote attackers to inject and execute arbitrary JavaScript code within the user's browser. Exploitation can occur through deceptive phishing tactics, potentially leading to data theft or unauthorized actions within the context of the user's session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WinMatrix3 Web package 0 <= 1.2.39.5

References

https://www.twcert.org.tw/tw/cp-132-10262-2fcb6-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10267-775be-2.html

third-party-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jul 21, 2025

JSON

Simopro Technology