CVE-2025-3363

Published Apr 8, 2025

Last updated 3 months ago

CVSS critical 9.8

Overview

Description
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
Source
twcert@cert.org.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

twcert@cert.org.tw
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-3363 ⚠️🔴 CRITICAL (9.8) 🏢 HGiga - iSherlock 4.5 🏗️ 0 🔗 https://t.co/JW4YIBrVdB 🔗 https://t.co/5AEqI4TplL #CyberCron #VulnAlert #InfoSec https://t.co/KtLxbe4xtW

    @cybercronai

    8 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.