CVE-2025-7145
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TeamT5 | ThreatSonar Anti-Ransomware | 3.6.0 <= 3.8.3 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10231-a15c8-1.html
- https://www.twcert.org.tw/en/cp-139-10232-f99c0-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.