Login Sign Up

CVE-2025-1845

6.3 MEDIUM
Remote Code Execution

📋 TL;DR

This critical vulnerability in ESAFENET DSM 3.1.2 allows remote attackers to execute arbitrary commands via command injection in the examExportPDF function. Attackers can exploit this to gain unauthorized access and control over affected systems. Organizations using ESAFENET DSM 3.1.2 are at risk.

💻 Affected Systems

Products:
  • ESAFENET DSM
Versions: 3.1.2
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the /admin/plan/examExportPDF endpoint with the 's' parameter.

📦 What is this software?

Dsm by Esafenet

View all CVEs affecting Dsm →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, or pivot to other systems in the network.

🟠

Likely Case

Remote code execution leading to data exfiltration, system disruption, or deployment of ransomware.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege, and monitoring are in place, though exploitation remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Monitor vendor communications for updates and apply immediately when released.

🔧 Temporary Workarounds

Block Access to Vulnerable Endpoint

all

Restrict access to the /admin/plan/examExportPDF endpoint using web application firewall (WAF) rules or network controls.

Input Validation and Sanitization

all

Implement strict input validation and sanitization for the 's' parameter to prevent command injection.

🧯 If You Can't Patch

  • Isolate affected systems from the internet and restrict network access to only necessary services.
  • Implement strict monitoring and alerting for suspicious activity on the /admin/plan/examExportPDF endpoint.

🔍 How to Verify

Check if Vulnerable:

Check if ESAFENET DSM version 3.1.2 is installed and if the /admin/plan/examExportPDF endpoint is accessible.

Check Version:

Check the ESAFENET DSM administration interface or configuration files for version information.

Verify Fix Applied:

Verify that the vendor has released a patched version and that the /admin/plan/examExportPDF endpoint no longer accepts malicious input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /admin/plan/examExportPDF
  • Commands executed from the web process

Network Indicators:

  • Suspicious HTTP requests to /admin/plan/examExportPDF with command injection payloads

SIEM Query:

source="web_logs" AND uri="/admin/plan/examExportPDF" AND (payload="|" OR payload="$" OR payload="&")

📊 Metadata

CVE ID: CVE-2025-1845
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 1.21% exploit probability (78.7th percentile)
Published: March 3, 2025
Last Updated: May 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1845, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)