Home / Vulnerability Intelligence / CVE-2025-63911

CVE-2025-63911 - Vulnerability Analysis

HighCVSS: 7.2

Last Updated: March 5, 2026

Cohesity TranZman Migration Appliance - Command Injection

Published: March 3, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

Cohesity TranZman Migration Appliance 4.0 Build 14614 contains an authenticated command injection vulnerability caused by improper input handling, letting authenticated attackers execute arbitrary commands.

Severity & Score

Severity: High

CVSS Score: 7.2

Impact

Authenticated attackers can execute arbitrary commands, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

https://github.com/GregDurys/Cohesity-TranZman-CVEs
https://gist.github.com/GregDurys/8b7a3022c04b6cee8c1e1af04f5671b2

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-63911
Severity: High
CVSS Score: 7.2
Type: command_injection
Status: confirmed

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H