CVE-2025-7451 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-7451 PUBLISHED CVSS 9.300000190734863 CRITICAL

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.

EPSS 0.34% · 56.6th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.34%

56.6th percentile

Affected Products

Vendor	Product	Versions
Hgiga	iSherlock-maillog-4.5	0, 0
Hgiga	iSherlock-smtp-5.5	0, 0
Hgiga	iSherlock-smtp-4.5	0, 0
Hgiga	iSherlock-maillog-5.5	0, 0

Timeline

Jul 11, 2025 VulnCheck KEV Exploitation
Jul 14, 2025 EPSS Score
Jul 14, 2025 CVE Published
Jul 14, 2025 CVE Updated
Jul 15, 2025 PoC Published
Jul 23, 2025 EPSS Score
Aug 1, 2025 EPSS Score
Aug 9, 2025 EPSS Score
Aug 18, 2025 EPSS Score
Aug 27, 2025 EPSS Score
Sep 5, 2025 EPSS Score
Sep 13, 2025 EPSS Score

References

https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html third-party-advisory
https://www.twcert.org.tw/en/cp-139-10238-f2bba-2.html third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-7451 advisory

Open in Interactive Console →