Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. 


* vulnerabilities:
*

Improper Neutralization of Special Elements used in a Command ('Command Injection')
* Use of Hard-coded Credentials
* Improper Authentication
* Binding to an Unrestricted IP Address



The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://www.protns.com/53 cve-icon cve-icon
History

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00454}


Tue, 15 Jul 2025 07:30:00 +0000

Type Values Removed Values Added
Description Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.  * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.
Title Remote Code Execution in ProTNS ActADUR
Weaknesses CWE-1327
CWE-287
CWE-77
CWE-798
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L'}

cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: FSI

Published:

Updated: 2025-07-15T13:30:22.159Z

Reserved: 2025-04-15T00:51:18.177Z

Link: CVE-2025-3621

cve-icon Vulnrichment

Updated: 2025-07-15T13:30:17.976Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-15T08:15:31.917

Modified: 2025-07-15T13:14:24.053

Link: CVE-2025-3621

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.