CVE-2025-11900

🗓️ 17 Oct 2025 03:50:44Reported by twcertType

CVE-2025-11900: HGiga iSherlock OS command injection enables unauthenticated remote execution.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-11900	17 Oct 202504:34	–	circl
CNNVD	HGiga iSherlock 操作系统命令注入漏洞	17 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-11900 HGiga｜iSherlock - OS Command Injection	17 Oct 202503:50	–	cvelist
EUVD	EUVD-2025-34858	17 Oct 202503:50	–	euvd
NVD	CVE-2025-11900	17 Oct 202504:16	–	nvd
RedhatCVE	CVE-2025-11900	18 Oct 202504:45	–	redhatcve
Vulnrichment	CVE-2025-11900 HGiga｜iSherlock - OS Command Injection	17 Oct 202503:50	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "packageName": "iSherlock-smtp-4.5",
    "product": "iSherlock 4.5",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThan": "774",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "iSherlock-base-4.5",
    "product": "iSherlock 4.5",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThan": "440",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "iSherlock-smtp-5.5",
    "product": "iSherlock 5.5",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThan": "774",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "iSherlock-base-5.5",
    "product": "iSherlock 5.5",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThan": "440",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/en/cp-139-10441-00aaf-2.html
twcert	www.twcert.org.tw/tw/cp-132-10440-dd55d-1.html

15 Apr 2026 00:35Current

7.5High risk

Vulners AI Score7.5

CVSS 49.3

CVSS 3.19.8

EPSS0.00413

SSVC

CWE-78