【Vulnerability Alert】Sunnet Technology | WMPro Smart Master – Arbitrary File Upload (CVE-2025-15226)

publish date : 2026-01-02 update date : 2026-01-02

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025123001123030 Publication Time 2025/12/30 13:38
Incident Type ANA-Vulnerability Alert Discovery Time 2025/12/30 13:38
Impact Level Low  
[Subject]
【Vulnerability Alert】Sunnet Technology | WMPro Smart Master – Arbitrary File Upload (CVE-2025-15226)
[Content]
Forwarded from TWCERTCC-200-202512-00000016

Sunnet Technology | WMPro Smart Master – Arbitrary File Upload (CVE-2025-15226, CVSS: 9.8) An Arbitrary File Upload vulnerability exists in WMPro Smart Master. An unauthenticated remote attacker can upload and execute web shell backdoor programs, thereby executing arbitrary code on the server.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
WMPro versions 5.0 through 5.2
[Recommended Actions]
Contact the vendor to install patches and adjust system configurations.
[Reference]
https://www.twcert.org.tw/tw/cp-132-10602-c1c69-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center