CVE-2025-3621

Summary

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. 

  • vulnerabilities: *

Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • Use of Hard-coded Credentials
  • Improper Authentication
  • Binding to an Unrestricted IP Address

The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

Affected Software

VendorProductVersion RangeStatus
ProTNSActADURv2.0.1.9 < v2.0.2.0affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-798: CWE-798 Use of Hard-coded Credentials
  • CWE-287: CWE-287 Improper Authentication
  • CWE-1327: CWE-1327 Binding to an Unrestricted IP Address

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References