Cyber Posture

CVE-2025-11900

Critical

Published: 17 October 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0053 (67.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Security Summary

CVE-2025-11900 is an OS command injection vulnerability (CWE-78) in iSherlock, a product developed by HGiga. Published on 2025-10-17T04:16:07.050, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), which places it in the critical severity band.

The vulnerability is reachable by unauthenticated remote attackers over the network with low attack complexity, and requires neither privileges nor user interaction; the impact stays within the vulnerable component (scope unchanged). Successful exploitation lets an attacker inject arbitrary OS commands that execute directly on the server, giving high impact on confidentiality, integrity, and availability.

Advisories from the Taiwan CERT Coordination Center (TWCERT/CC) provide further details on this issue, accessible at https://www.twcert.org.tw/en/cp-139-10441-00aaf-2.html and https://www.twcert.org.tw/tw/cp-132-10440-dd55d-1.html.

Details

CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command)

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Unauthenticated remote OS command injection in a network-exposed product directly enables exploitation of a public-facing application (T1190) and execution via command and scripting interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
