CVE-2025-3621
Published: 15 July 2025
Summary
CVE-2025-3621 is a critical-severity Command Injection (CWE-77) vulnerability in Protns (inferred from references). Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 33.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates all vulnerabilities (command injection, hard-coded credentials, improper authentication, unrestricted IP binding) by requiring timely patching to ActADUR v2.0.2.0 or later.
Prevents command injection (CWE-77) by validating and sanitizing inputs to neutralize special elements used in commands.
Mitigates hard-coded credentials (CWE-798) and improper authentication (CWE-287) by enforcing secure authenticator management and prohibiting hard-coding.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection (CWE-77) combined with auth bypass (hard-coded creds + improper auth + unrestricted bind) directly enables remote exploitation of the exposed server service for code/command execution (T1210) and arbitrary command interpreter use (T1059).
NVD Description
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication…
more
* Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.
Deeper analysisAI
CVE-2025-3621 encompasses multiple vulnerabilities in the ActADUR local server product, developed and maintained by ProTNS, that collectively enable remote code inclusion on host systems. The affected issues include improper neutralization of special elements used in a command (CWE-77: Command Injection), use of hard-coded credentials (CWE-798), improper authentication (CWE-287), and binding to an unrestricted IP address (CWE-1327). These flaws impact ActADUR versions from v2.0.1.9 before v2.0.2.0 and have been rated critical with a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L).
An attacker on an adjacent network (AV:A) can exploit these vulnerabilities with low complexity (AC:L) and no required privileges or user interaction (PR:N/UI:N). By leveraging the command injection flaw alongside improper authentication, hard-coded credentials, and unrestricted binding, the attacker achieves a scope change (S:C), resulting in high confidentiality and integrity impacts (C:H/I:H) with low availability impact (A:L) on the host system, enabling remote code execution.
The vendor advisory at https://www.protns.com/53 recommends updating to ActADUR version v2.0.2.0 or later to mitigate the vulnerabilities.
Details
- CWE(s)