TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

Hgiga|iSherlock - OS Command Injection

TVN ID: TVN-202507003
CVE ID: CVE-2025-7451
CVSS: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:

Affected Product:
    Hgiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) 4.5, 5.5

Affected Package:
    iSherlock-4.5:
        iSherlock-maillog-4.5 < 137
        iSherlock-smtp-4.5 < 732
    iSherlock-5.5:
        iSherlock-maillog-5.5 < 137
        iSherlock-smtp-5.5 < 732

Description: iSherlock, developed by Hgiga, has an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.

Solution:
    Update package iSherlock-maillog-4.5 to version 137 or later
    Update package iSherlock-smtp-4.5 to version 732 or later
    Update package iSherlock-maillog-5.5 to version 137 or later
    Update package iSherlock-smtp-5.5 to version 732 or later

Credit: 謝庭維 (CHT Security)
Public Date: 2025-07-11