VDB
CVE-2025-7451
CVE-2025-7451
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.
EPSS 1.07% · 78.1th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.07%
78.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | iSherlock-maillog-4.5 | 0, 0 |
| Hgiga | iSherlock-smtp-5.5 | 0, 0 |
| Hgiga | iSherlock-smtp-4.5 | 0, 0 |
| Hgiga | iSherlock-maillog-5.5 | 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-7451 (circl-sighting)
- https://www.twcert.org.tw/en/cp-139-10238-f2bba-2.html (circl)
- https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html (vulncheck)
- (vulncheck-reported-exploitation)
Timeline
- Jul 11, 2025 VulnCheck KEV Exploitation
- Jul 14, 2025 EPSS Score
- Jul 14, 2025 CVE Published
- Jul 14, 2025 CVE Updated
- Jul 15, 2025 PoC Published
- Jul 23, 2025 EPSS Score
- Aug 2, 2025 EPSS Score
- Aug 11, 2025 EPSS Score
- Aug 20, 2025 EPSS Score
- Aug 30, 2025 EPSS Score
- Sep 8, 2025 EPSS Score
- Sep 17, 2025 EPSS Score
References
- https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html third-party-advisory
- https://www.twcert.org.tw/en/cp-139-10238-f2bba-2.html third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-7451 advisory