【Vulnerability Alert】Quanta Computer | QOCA aim AI Medical Cloud Platform – Arbitrary File Upload Vulnerability (CVE-2025-15240)
publish date :
2026-01-12
update date :
2026-01-12
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026010701012626 | Publication Time | 2026/01/07 13:52 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/07 13:52 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Quanta Computer | QOCA aim AI Medical Cloud Platform – Arbitrary File Upload Vulnerability (CVE-2025-15240) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000003 【Quanta Computer | QOCA aim AI Medical Cloud Platform – Arbitrary File Upload】 (CVE-2025-15240, CVSS: 8.8) An Arbitrary File Upload vulnerability exists in the QOCA aim AI Medical Cloud Platform. An authenticated remote attacker can upload and execute web shell backdoor programs, thereby executing arbitrary code on the server. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] QOCA aim versions 2.7.5 and earlier |
|||
| [Recommended Actions] Please update to version 2.7.6 or later. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center