We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-3621

Remote Code Execution in ProTNS ActADUR



Description

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

Reserved 2025-04-15 | Published 2025-07-15 | Updated 2025-07-15 | Assigner FSI


CRITICAL: 9.4CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

CRITICAL: 9.6CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-798 Use of Hard-coded Credentials

CWE-287 Improper Authentication

CWE-1327 Binding to an Unrestricted IP Address

Product status

Default status
unaffected

v2.0.1.9 before v2.0.2.0
affected

Credits

oriax(박기택, Park Kitaek) finder

References

www.protns.com/53

cve.org (CVE-2025-3621)

nvd.nist.gov (CVE-2025-3621)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-3621

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.