Home / Vulnerability Intelligence / CVE-2025-63910

CVE-2025-63910 - Vulnerability Analysis

HighCVSS: 7.2

Last Updated: March 5, 2026

Cohesity TranZman Migration Appliance - Unrestricted File Upload

Published: March 3, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 contains an unrestricted file upload vulnerability caused by authenticated arbitrary file upload, letting attackers with Administrator privileges execute arbitrary code via crafted patch file.

Severity & Score

Severity: High

CVSS Score: 7.2

Impact

Attackers with Administrator privileges can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

https://github.com/GregDurys/Cohesity-TranZman-CVEs
https://docs.stoneram.com/index.php/Tranzman
https://gist.github.com/GregDurys/74c36c36bef81293a42022758f2736a9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-63910
Severity: High
CVSS Score: 7.2
Type: unrestricted_file_upload
Status: confirmed

CWE

CWE-345

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H