CVE-2025-3621
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: FSI
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| protns | actadur | 2.0.1.9 |
| protns | actadur | 2.0.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-1327 | The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the ActADUR local server product allows attackers to perform Remote Code Inclusion on host systems. It involves multiple security issues such as command injection, use of hard-coded credentials, improper authentication, and binding to an unrestricted IP address. These flaws enable unauthorized remote attackers to execute arbitrary code on affected systems without user interaction.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to critical impacts including unauthorized remote code execution, which may allow attackers to take control of the affected system, escalate privileges, access sensitive data, disrupt services, or deploy further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the ActADUR local server product to version v2.0.2.0 or above, as versions from v2.0.1.9 before v2.0.2.0 are affected. Additionally, leverage ActADUR's policy management features to restrict privilege elevation only to approved applications and URLs, monitor privilege elevation execution logs, and enforce strict control over administrator rights to reduce the risk of exploitation. [1]