Plattform
other
Komponente
actadur
Behoben in
v2.0.2.0
CVE-2025-3621 describes a critical Remote Code Execution (RCE) vulnerability discovered in ActADUR, a local server product developed by ProTNS. This vulnerability allows attackers to execute arbitrary code on affected systems due to issues like command injection and improper authentication. Versions 2.0.1.9 through 2.0.2.0 are vulnerable, and a fix is available in version 2.0.2.0 and later.
The impact of CVE-2025-3621 is severe. Successful exploitation allows an attacker to execute arbitrary code with the privileges of the ActADUR process. This could lead to complete system compromise, data exfiltration, and potential lateral movement within the network. The presence of hardcoded credentials further exacerbates the risk, potentially providing an easy entry point for attackers. The vulnerability's command injection nature mirrors the severity seen in other RCE vulnerabilities, enabling attackers to bypass security controls and gain unauthorized access.
CVE-2025-3621 has been published on 2025-07-15. The vulnerability's critical severity and the presence of multiple exploitable factors (command injection, hardcoded credentials) suggest a potential for active exploitation. Public proof-of-concept exploits are currently unknown, but the ease of exploitation associated with command injection vulnerabilities increases the likelihood of such exploits emerging. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing ActADUR in environments with limited network segmentation are particularly at risk. Legacy configurations that haven't been hardened against command injection attacks are also vulnerable. Shared hosting environments where multiple users share the same ActADUR instance face a heightened risk of compromise.
• windows / supply-chain: Monitor PowerShell execution logs for commands targeting ActADUR processes. Check scheduled tasks for suspicious entries related to ActADUR.
Get-ScheduledTask | Where-Object {$_.TaskName -like '*ActADUR*'}• linux / server: Monitor system logs (journalctl) for unusual command execution patterns related to ActADUR. Use auditd to track file access and modification events for ActADUR binaries.
auditctl -w /path/to/actadur/binary -p wa -k actadur_rce• generic web: Examine access logs for requests containing suspicious command injection payloads targeting ActADUR endpoints. Review error logs for any errors related to command execution failures.
disclosure
Exploit-Status
EPSS
0.32% (54% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-3621 is to immediately upgrade ActADUR to version 2.0.2.0 or a later version. If upgrading is not immediately feasible, consider isolating the ActADUR server from the network to limit potential exposure. While a direct workaround for command injection is unlikely, reviewing and restricting network access to the ActADUR server can reduce the attack surface. Monitor system logs for suspicious activity related to ActADUR, focusing on command execution attempts. After upgrading, confirm the fix by attempting to trigger the vulnerable functionality and verifying that the execution is blocked.
Actualice ActADUR a la versión 2.0.2.0 o superior. Esta actualización corrige las vulnerabilidades de ejecución remota de código, inyección de comandos, uso de credenciales codificadas, autenticación incorrecta y enlace a una dirección IP sin restricciones. La actualización es crítica para proteger su sistema.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-3621 is a critical Remote Code Execution vulnerability affecting ActADUR versions 2.0.1.9 through 2.0.2.0, allowing attackers to execute code on the host system.
If you are running ActADUR version 2.0.1.9 through 2.0.2.0, you are vulnerable to this RCE vulnerability.
Upgrade ActADUR to version 2.0.2.0 or later to resolve this vulnerability. If immediate upgrade is not possible, isolate the server and monitor logs.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation.
Refer to the official ProTNS security advisory for detailed information and updates regarding CVE-2025-3621.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.