CVE-2025-34160 in AnyShareinfo

Zusammenfassung

von MITRE • 28.08.2025

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

VulnCheck

Reservieren

15.04.2025

Veröffentlichung

28.08.2025

Moderieren

akzeptiert

Eintrag

VDB-321655

CPE

bereit

EPSS

0.00759

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!