Critical severity9.6NVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-3621

Description

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems.

* vulnerabilities: *

Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address

The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.protns.com/53nvd

News mentions

No linked articles in our index yet.

Severity

CriticalCVSS v3.1

9.6/ 10

CVSS v49.4

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Adjacent
Complexity: Low
Privileges: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: Low

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS

Probability of exploitation in the next 30 days.

0.30%

VYPR risk score

Composite of severity, exploitation, and reach.

0.62high

cvss	0.624
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-1327
Binding to an Unrestricted IP Address
CWE-287
Improper Authentication
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-798
Use of Hard-coded Credentials

CVE ID

CVE-2025-3621