CVE-2025-63909
Published: 03 March 2026
Summary
CVE-2025-63909 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Cohesity TranZman. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Policy addresses roles, responsibilities, and privilege management to prevent improper privilege assignments.
Access supervision ensures privileges are assigned and managed without improper escalation or retention.
Assigning group/role memberships and access authorizations (privileges) while reviewing accounts addresses improper privilege management.
Enforces proper privilege management by requiring all decisions through the verified reference monitor.
By mandating division of duties across roles, the control enforces proper privilege management and prevents a single entity from controlling an entire sensitive process.
Implements core proper privilege management by restricting access to only the rights required.
Policy requires training on privilege management and least privilege, making it harder to exploit improper privilege management weaknesses.
Training covers proper privilege management practices, making incorrect privilege assignments less likely.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct mapping to exploitation of improper privilege management (CWE-269) for root escalation and arbitrary file access on a network-reachable appliance component.
NVD Description
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.
Deeper analysis
CVE-2025-63909 is an incorrect access control vulnerability affecting the /opt/SRLtzm/bin/TapeDumper component in Cohesity TranZman Migration Appliance Release 4.0 Build 14614. This flaw, linked to CWE-269 (Improper Privilege Management), enables escalation to root along with the ability to read and write arbitrary files on the affected system. The vulnerability carries a CVSS v3.1 base score of 7.2 (High), reflecting network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability.
Exploitation requires high privileges (PR:H), allowing a privileged attacker with network access to the appliance to trigger the issue without user interaction. Successful exploitation grants root-level access, enabling full arbitrary file read and write operations, which could lead to complete system compromise, data exfiltration, or persistent backdoor installation.
Mitigation details and advisories are documented in the referenced sources, including a GitHub Gist at https://gist.github.com/GregDurys/d402038147e36de5908159d9722072ef and the Cohesity TranZman CVEs repository at https://github.com/GregDurys/Cohesity-TranZman-CVEs. Security practitioners should consult these for patch availability or workarounds specific to Release 4.0 Build 14614.
Details
- CWE(s)