FKIE_CVE-2025-34160

Vulnerability from fkie_nvd - Published: 2025-08-27 22:15 - Updated: 2025-08-29 16:24
Severity ?
10.0 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.
References
disclosure@vulncheck.comhttps://cn-sec.com/archives/4320091.html
disclosure@vulncheck.comhttps://stack.chaitin.com/vuldb/detail/b4640952-9be9-4bfa-9d7f-a0be72b35e18
disclosure@vulncheck.comhttps://www.aishu.cn/cn
disclosure@vulncheck.comhttps://www.aishutech.com/en/anyshare-family7
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/anyshare-serviceagent-api-unauthenticated-rce
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined.\u00a0Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC."
    },
    {
      "lang": "es",
      "value": "AnyShare contiene una vulnerabilidad cr\u00edtica de ejecuci\u00f3n remota de c\u00f3digo no autenticada en la API de ServiceAgent expuesta en el puerto 10250. El endpoint /api/ServiceAgent/start_service acepta entradas proporcionadas por el usuario v\u00eda POST y no logra depurar cargas \u00fatiles de tipo comando. Un atacante puede inyectar sintaxis de shell que es interpretada por el backend, lo que permite la ejecuci\u00f3n de comandos arbitrarios. La vulnerabilidad se presume que afecta a las compilaciones lanzadas antes de agosto de 2025 y se dice que est\u00e1 remediada en versiones m\u00e1s nuevas del producto, aunque el rango exacto afectado permanece indefinido. Se observ\u00f3 por primera vez una evidencia de explotaci\u00f3n por la Shadowserver Foundation el 11 de julio de 2025 UTC."
    }
  ],
  "id": "CVE-2025-34160",
  "lastModified": "2025-08-29T16:24:09.860",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-27T22:15:57.187",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://cn-sec.com/archives/4320091.html"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://stack.chaitin.com/vuldb/detail/b4640952-9be9-4bfa-9d7f-a0be72b35e18"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.aishu.cn/cn"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.aishutech.com/en/anyshare-family7"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/anyshare-serviceagent-api-unauthenticated-rce"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.