← back
CVE-2025-7145

TeamT5|ThreatSonar Anti-Ransomware - OS Command Injection

CVSS 8.6 HIGHEPSS 1.1%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
TeamT5 · ThreatSonar Anti-Ransomware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-10232-f99c0-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10231-a15c8-1.html