Description
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.
* vulnerabilities:
*
Improper Neutralization of Special Elements used in a Command ('Command Injection')
* Use of Hard-coded Credentials
* Improper Authentication
* Binding to an Unrestricted IP Address
The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-3621, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-3621 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- https://capec.mitre.org/data/definitions/136.html
- https://capec.mitre.org/data/definitions/15.html
- https://capec.mitre.org/data/definitions/183.html
- https://capec.mitre.org/data/definitions/248.html
- https://capec.mitre.org/data/definitions/40.html
- https://capec.mitre.org/data/definitions/43.html
- https://capec.mitre.org/data/definitions/75.html
- https://capec.mitre.org/data/definitions/76.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-3621