CVE-2025-63910
Published: 03 March 2026
Summary
CVE-2025-63910 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Cohesity Tranzman. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.
Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.
Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.
Requires explicit verification of data authenticity from authoritative sources, preventing acceptance of unauthenticated resolution responses.
Control requires verification of data authenticity/integrity (e.g., checksums) after aggregation/packing, directly reducing exploitation of insufficient verification before transmission.
Time synchronization supports reliable freshness verification when checking data authenticity across systems or components.
Mandates verification of data authenticity for software, firmware, and information.
Provenance documentation and monitoring directly enables verification of authenticity for components and data throughout their history.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated arbitrary file upload of crafted patch enables remote code execution on network-accessible appliance (T1190); directly results in arbitrary code/command execution (T1059).
NVD Description
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
Deeper analysisAI
CVE-2025-63910 is an authenticated arbitrary file upload vulnerability affecting the Cohesity TranZman Migration Appliance Release 4.0 Build 14614. It enables attackers with Administrator privileges to execute arbitrary code by uploading a crafted patch file. The vulnerability is associated with CWE-345 (Insufficient Verification of Data Authenticity) and has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Exploitation requires an authenticated attacker with high-privilege Administrator access over the network, with low attack complexity and no user interaction needed. Successful exploitation allows arbitrary code execution on the affected appliance, potentially leading to full system compromise given the high impact ratings across all vectors.
Details on mitigation, advisories, and patches can be found in the following references: https://docs.stoneram.com/index.php/Tranzman, https://gist.github.com/GregDurys/74c36c36bef81293a42022758f2736a9, and https://github.com/GregDurys/Cohesity-TranZman-CVEs. The CVE was published on 2026-03-03T18:16:23.630.
Details
- CWE(s)