CVE-2025-7451
CRITICAL EXPLOITEDHgiga iSherlock < 4.5-137, < 5.5-137 - Unauthenticated OS Command Injection
Title source: llmExploitation Summary
CVE-2025-7451 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-10238-f2bba-2.html
Scores
CVSS v3
9.8
EPSS
0.0141
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-07-11
CWE
CWE-78
Status
published
Products (4)
Hgiga/iSherlock-maillog-4.5
< 137
Hgiga/iSherlock-maillog-5.5
< 137
Hgiga/iSherlock-smtp-4.5
< 732
Hgiga/iSherlock-smtp-5.5
< 732
Published
Jul 14, 2025
Tracked Since
Feb 18, 2026