This content originally appeared on DEV Community and was authored by Sharon
> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Weaver e-Office is a widely used collaboration and management platform developed by Weaver Network Technology. It supports HR, finance, admin workflows, and mobile office functions. Recently, a critical vulnerability was discovered and patched by Weaver, and SafeLine security research teams have analyzed and confirmed its impact.
What Happened?
Security researchers at Chaitin Tech detected that Weaver released a patch addressing a remote code execution (RCE) flaw. The issue occurs due to a combination of arbitrary file upload and file inclusion, allowing attackers to execute malicious code on vulnerable servers without authentication.
Why It Matters
- RCE is critical: Successful exploitation means attackers could run arbitrary commands on your server.
- Widespread exposure: e-Office is common in enterprise and SMB environments.
- Easy exploitation: Attackers can leverage this without valid credentials.
Detection Tools
Chaitin’s security team has released two tools to help identify vulnerable assets:
1. X-POC Remote Scanner
Run against a target to test for exposure:
```bash
xpoc -r 410 -t http://target-url
```
Download:
2. CloudWalker Local Scanner
Run locally on Windows:
```bash
weaver_eoffice_rce_ct_898014_scanner_windows_amd64.exe
```
Download:
Affected Versions
- e-Office < 10.0_20230821
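The affected-version rule above, applied to an asset inventory. This is an added example, not part of the original post or of any Chaitin tool. It assumes versions are recorded as `<major>.<minor>_<YYYYMMDD>` (the shape of the advisory's 10.0_20230821) and that the release line is compared before the build date; the hostnames and sample versions are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed build taken from the advisory: versions below this are affected.
FIXED = "10.0_20230821"

# Assumed version layout: <major>.<minor>_<YYYYMMDD>, as in the advisory's string.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:_(\d{8}))?\s*$", re.IGNORECASE)

def parse_version(text: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, build_date) or None when the string is unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, build = m.groups()
    return int(major), int(minor), int(build) if build else None

def classify(version: str, fixed: str = FIXED) -> str:
    """Classify one reported version as 'affected', 'patched' or 'unknown'."""
    got, want = parse_version(version), parse_version(fixed)
    if got is None:
        return "unknown"
    if got[:2] != want[:2]:
        # Assumption: release line (major.minor) orders before the build date.
        return "affected" if got[:2] < want[:2] else "patched"
    if got[2] is None:
        return "unknown"  # same release line but no build date: check by hand
    return "affected" if got[2] < want[2] else "patched"

def triage(inventory: dict) -> dict:
    """Group hosts by status so affected and unknown hosts can be handled first."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "oa-hr.example.internal": "10.0_20230515",
    "oa-fin.example.internal": "10.0_20230821",
    "oa-old.example.internal": "9.5_20220101",
    "oa-lab.example.internal": "10.0",
    "oa-dr.example.internal": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be treated as affected until their build is confirmed.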
How to Mitigate
Temporary Workaround:
- Use network ACLs to limit access only to trusted IP addresses or networks.
Permanent Fix:
- Upgrade to e-Office 10.0_20230821 or later immediately.
- Official patch and advisory: Weaver e-Office
Product Support
Chaitin’s ecosystem products have integrated detection and support for this vulnerability:
- Yuntu: Fingerprinting and PoC scanning supported.
- Dongjian: Custom PoC detection available.
- SafeLine WAF: Can detect exploitation attempts.
- Quanxi: Released updated detection signatures.
- CloudWalker: Emergency vuln intelligence package available (EMERVULN-23.09.026).
Timeline
- Sep 25: Vulnerability disclosed online.
- Sep 25: Chaitin emergency team analyzed and reproduced the issue.
- Sep 26: Official advisory released.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.

Sharon | Sciencx (2025-08-27T02:52:12+00:00) Critical Vulnerability Alert: Weaver e-Office Remote Code Execution (RCE) – Patch Now. Retrieved from https://www.scien.cx/2025/08/27/critical-vulnerability-alert-weaver-e-office-remote-code-execution-rce-patch-now/