Cyber Resilience

CVE-2025-34160

CriticalPublic PoCRCE

Published: 27 August 2025

Published
27 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0195 83.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34160 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cn Sec (inferred from references). Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 16.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads, allowing shell syntax injection that is interpreted by the backend. The issue is presumed to affect builds released prior to August 2025 and is stated to be remediated in newer versions, though the exact affected range remains undefined. It is tracked under CWE-78 with a CVSS 4.0 score of 10.0.

An attacker with network access can send a crafted POST request to the exposed endpoint and achieve arbitrary command execution on the target system without authentication or user interaction. This enables full compromise of confidentiality, integrity, and availability on the affected host and potentially adjacent systems.

Advisories from VulnCheck and related sources indicate that the vulnerability is addressed in versions released after August 2025, with the vendor pages for AnyShare recommending upgrade to current builds. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC, prior to public disclosure. The associated EPSS score has remained flat at 0.0195 with no material increase.

EU & UK References

Vulnerability details

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted…

more

by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Cn Sec
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References