CVE-2025-3621

Remote Code Execution in ProTNS ActADUR

CVSS 9.4 CRITICAL · EPSS 0.8% · CWE-1327 · CWE-287 · CWE-77 · CWE-798
In short

ProTNS ActADUR server has critical flaws that allow attackers to run malicious code remotely on affected systems. The vulnerabilities stem from improper input validation, hard-coded passwords, weak authentication, and unrestricted network binding.

Technical detail

Multiple vulnerabilities in ActADUR v2.0.1.9 and earlier enable remote code execution: command injection via unvalidated input parameters, hard-coded credentials allowing unauthorized access, improper authentication mechanisms, and binding to unrestricted IP addresses (0.0.0.0). An unauthenticated or low-privileged attacker can exploit these to achieve arbitrary code execution on the host system. Remediation requires upgrading to v2.0.2.0 or later.

Summary generated and translated by AI from the official description.
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allow Remote Code Inclusion on host systems.

* vulnerabilities:
  * Improper Neutralization of Special Elements used in a Command ('Command Injection')
  * Use of Hard-coded Credentials
  * Improper Authentication
  * Binding to an Unrestricted IP Address

The vulnerability has been rated as critical. This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0, hence updating to version v2.0.2.0 or above is required.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Affected products
ProTNS · ActADUR
