HGiga｜iSherlock – OS Command Injection_CVE-2025-11900

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Basic Information

ID CVE-2025-11900

Source twcert

Published Oct 17, 2025 at 03:50

Affected Product

Vendor HGiga

Product iSherlock 4.5

Affected Versions HGiga iSherlock 4.5 0
HGiga iSherlock 4.5 0
HGiga iSherlock 5.5 0
HGiga iSherlock 5.5 0

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.",
    "published": "2025-10-17T03:50:44.524Z",
    "modified": "2025-10-17T03:50:44.524Z",
    "type": "cve",
    "title": "HGiga\uff5ciSherlock - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10440-dd55d-1.html\nhttps://www.twcert.org.tw/en/cp-139-10441-00aaf-2.html",
    "id": "CVE-2025-11900",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "HGiga iSherlock 4.5 0\nHGiga iSherlock 4.5 0\nHGiga iSherlock 5.5 0\nHGiga iSherlock 5.5 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iSherlock 4.5",
    "version": "0",
    "vendor": "HGiga",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}