CVE-2025-63910
Published: 03 March 2026
Summary
CVE-2025-63910 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Cohesity Tranzman. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2025-63910 is an authenticated arbitrary file upload vulnerability affecting the Cohesity TranZman Migration Appliance Release 4.0 Build 14614. It enables attackers with Administrator privileges to execute arbitrary code by uploading a crafted patch file. The vulnerability is associated with CWE-345 (Insufficient Verification of Data Authenticity) and has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Exploitation requires an authenticated attacker with high-privilege Administrator access over the network, with low attack complexity and no user interaction needed. Successful exploitation allows arbitrary code execution on the affected appliance, potentially leading to full system compromise given the high impact ratings across all vectors.
Details on mitigation, advisories, and patches can be found in the following references: https://docs.stoneram.com/index.php/Tranzman, https://gist.github.com/GregDurys/74c36c36bef81293a42022758f2736a9, and https://github.com/GregDurys/Cohesity-TranZman-CVEs. The CVE was published on 2026-03-03T18:16:23.630.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208242
Vulnerability details
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated arbitrary file upload of crafted patch enables remote code execution on network-accessible appliance (T1190); directly results in arbitrary code/command execution (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires cryptographic signing and verification of patch files before installation, directly blocking crafted unauthenticated uploads that lead to code execution.
Mandates integrity verification of software/firmware (including patches) using digital signatures or hashes, preventing execution of malicious files exploiting CWE-345.
Enforces validation of all input data (file contents, format, and metadata) during patch uploads, mitigating arbitrary file upload vectors that bypass authenticity checks.