Cyber Resilience

CVE-2025-3621

Critical

Published: 15 July 2025

Published
15 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0029 53.2th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3621 is a critical-severity Command Injection (CWE-77) vulnerability in Protns (inferred from references). Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 46.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-3621 encompasses multiple vulnerabilities in the ActADUR local server product, developed and maintained by ProTNS, that collectively enable remote code inclusion on host systems. The affected issues include improper neutralization of special elements used in a command (CWE-77: Command Injection), use of hard-coded credentials (CWE-798), improper authentication (CWE-287), and binding to an unrestricted IP address (CWE-1327). These flaws impact ActADUR versions from v2.0.1.9 before v2.0.2.0 and have been rated critical with a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L).

An attacker on an adjacent network (AV:A) can exploit these vulnerabilities with low complexity (AC:L) and no required privileges or user interaction (PR:N/UI:N). By leveraging the command injection flaw alongside improper authentication, hard-coded credentials, and unrestricted binding, the attacker achieves a scope change (S:C), resulting in high confidentiality and integrity impacts (C:H/I:H) with low availability impact (A:L) on the host system, enabling remote code execution.

The vendor advisory at https://www.protns.com/53 recommends updating to ActADUR version v2.0.2.0 or later to mitigate the vulnerabilities.

EU & UK References

Vulnerability details

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication…

more

* Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Command injection (CWE-77) combined with auth bypass (hard-coded creds + improper auth + unrestricted bind) directly enables remote exploitation of the exposed server service for code/command execution (T1210) and arbitrary command interpreter use (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-57199Shared CWE-77
CVE-2025-57201Shared CWE-77
CVE-2024-52325Shared CWE-77
CVE-2025-59468Shared CWE-77
CVE-2026-1324Shared CWE-77
CVE-2025-59818Shared CWE-77
CVE-2026-5184Shared CWE-77
CVE-2016-15057Shared CWE-77
CVE-2024-6107Shared CWE-287
CVE-2025-54416Shared CWE-77

Affected Assets

Protns
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates all vulnerabilities (command injection, hard-coded credentials, improper authentication, unrestricted IP binding) by requiring timely patching to ActADUR v2.0.2.0 or later.

prevent

Prevents command injection (CWE-77) by validating and sanitizing inputs to neutralize special elements used in commands.

prevent

Mitigates hard-coded credentials (CWE-798) and improper authentication (CWE-287) by enforcing secure authenticator management and prohibiting hard-coding.

References