CVE-2025-34160
Published: 27 August 2025
Summary
CVE-2025-34160 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cn Sec (inferred from references). Its CVSS base score is 10.0 (Critical).
Operationally, ranked in the top 16.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads, allowing shell syntax injection that is interpreted by the backend. The issue is presumed to affect builds released prior to August 2025 and is stated to be remediated in newer versions, though the exact affected range remains undefined. It is tracked under CWE-78 with a CVSS 4.0 score of 10.0.
An attacker with network access can send a crafted POST request to the exposed endpoint and achieve arbitrary command execution on the target system without authentication or user interaction. This enables full compromise of confidentiality, integrity, and availability on the affected host and potentially adjacent systems.
Advisories from VulnCheck and related sources indicate that the vulnerability is addressed in versions released after August 2025, with the vendor pages for AnyShare recommending upgrade to current builds. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC, prior to public disclosure. The associated EPSS score has remained flat at 0.0195 with no material increase.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26142
Vulnerability details
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted…
more
by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.