Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3621

Summary
Assigner-FSI
Assigner Org ID-09832df1-09c1-45b4-8a85-16c601d30feb
Published At-15 Jul, 2025 | 07:22
Updated At-15 Jul, 2025 | 13:30
Rejected At-
Credits

Remote Code Execution in ProTNS ActADUR

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:FSI
Assigner Org ID:09832df1-09c1-45b4-8a85-16c601d30feb
Published At:15 Jul, 2025 | 07:22
Updated At:15 Jul, 2025 | 13:30
Rejected At:
▼CVE Numbering Authority (CNA)
Remote Code Execution in ProTNS ActADUR

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

Affected Products
Vendor
ProTNS
Product
ActADUR
Package Name
Local Server
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From v2.0.1.9 before v2.0.2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWECWE-798CWE-798 Use of Hard-coded Credentials
CWECWE-287CWE-287 Improper Authentication
CWECWE-1327CWE-1327 Binding to an Unrestricted IP Address
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-1327
Description: CWE-1327 Binding to an Unrestricted IP Address
Metrics
VersionBase scoreBase severityVector
4.09.4CRITICAL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
3.19.6CRITICAL
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-253CAPEC-253 Remote Code Inclusion
CAPEC ID: CAPEC-253
Description: CAPEC-253 Remote Code Inclusion
Solutions
Configurations
Workarounds
Exploits
Credits
finder
oriax(박기택, Park Kitaek)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.protns.com/53
N/A
Hyperlink: https://www.protns.com/53
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:09832df1-09c1-45b4-8a85-16c601d30feb
Published At:15 Jul, 2025 | 08:15
Updated At:15 Jul, 2025 | 13:14

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.4CRITICAL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.19.6CRITICAL
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Type: Secondary
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-77Secondary09832df1-09c1-45b4-8a85-16c601d30feb
CWE-287Secondary09832df1-09c1-45b4-8a85-16c601d30feb
CWE-798Secondary09832df1-09c1-45b4-8a85-16c601d30feb
CWE-1327Secondary09832df1-09c1-45b4-8a85-16c601d30feb
CWE ID: CWE-77
Type: Secondary
Source: 09832df1-09c1-45b4-8a85-16c601d30feb
CWE ID: CWE-287
Type: Secondary
Source: 09832df1-09c1-45b4-8a85-16c601d30feb
CWE ID: CWE-798
Type: Secondary
Source: 09832df1-09c1-45b4-8a85-16c601d30feb
CWE ID: CWE-1327
Type: Secondary
Source: 09832df1-09c1-45b4-8a85-16c601d30feb
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.protns.com/5309832df1-09c1-45b4-8a85-16c601d30feb
N/A
Hyperlink: https://www.protns.com/53
Source: 09832df1-09c1-45b4-8a85-16c601d30feb
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2021-38412
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.6||CRITICAL
EPSS-0.16% / 37.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 19:07
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Digi PortServer TS 16 Improper Authentication

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.

Action-Not Available
Vendor-digiDigi International
Product-portserver_ts_16_firmwareportserver_ts_16PortServer TS 16
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-26902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.77% / 81.89%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs850rbk752_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Details not found