CVE-2025-7145
Published: 07 July 2025
Summary
CVE-2025-7145 is a high-severity OS Command Injection (CWE-78) vulnerability in ThreatSonar Anti-Ransomware, developed by TeamT5. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 17.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
ThreatSonar Anti-Ransomware developed by TeamT5 contains an OS command injection vulnerability tracked as CVE-2025-7145 and assigned CWE-78. The flaw permits injection of arbitrary operating system commands through the product platform and carries a CVSS 4.0 score of 8.6 reflecting network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.
Remote attackers who already possess intermediate privileges on the product platform can exploit the issue to execute commands on the underlying server and thereby obtain administrative access to the remote host. The EPSS score remains low and unchanged at 0.0166 with no material increase after disclosure.
Taiwan's CERT has published advisories describing the vulnerability at the referenced URLs. No information on patches, workarounds, or confirmed exploitation in the wild is provided in the available data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20167
Vulnerability details
ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
- CWE(s): CWE-78
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.