CVE-2025-34160 in AnyShareinformación

Resumen

por MITRE • 2025-08-28

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

VulnCheck

Reservar

2025-04-15

Divulgación

2025-08-28

Moderación

aceptado

Artículo

VDB-321655

CPE

listo

EPSS

0.00759

KEV

no

Actividades

muy bajo

Fuentes

Do you need the next level of professionalism?

Upgrade your account now!