CVE-2025-3621
📋 TL;DR
This critical vulnerability in the ActADUR local server allows attackers to execute arbitrary commands on affected systems through multiple weaknesses, including command injection, hard-coded credentials, and improper authentication. Systems running ActADUR versions from v2.0.1.9 up to, but not including, v2.0.2.0 are vulnerable, potentially enabling complete system compromise.
💻 Affected Systems
- ActADUR local server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining root/administrator privileges, installing persistent backdoors, stealing sensitive data, and pivoting to other network systems.
Likely Case
Remote code execution leading to data theft, service disruption, and installation of cryptocurrency miners or ransomware.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting the ActADUR service itself.
🎯 Exploit Status
Multiple attack vectors (command injection, hard-coded credentials, auth bypass) make exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.0.2.0 or above
Vendor Advisory: https://www.protns.com/53
Restart Required: Yes
Instructions:
1. Download v2.0.2.0 or later from ProTNS.
2. Backup configuration.
3. Stop ActADUR service.
4. Install update.
5. Restart service.
6. Verify version.
🔧 Temporary Workarounds
Network Isolation
Restrict network access to the ActADUR server using firewall rules (Linux):
iptables -A INPUT -p tcp --dport [ACTADUR_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [ACTADUR_PORT] -j DROP
Service Account Hardening
Run ActADUR under a limited service account with minimal privileges (Linux):
useradd -r -s /bin/false actadur_user
chown -R actadur_user:actadur_user /opt/actadur/
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to block all external access to ActADUR
- Monitor for suspicious process creation and network connections from the ActADUR service account
🔍 How to Verify
Check if Vulnerable:
Check ActADUR version against affected range and review configuration for exposed services
Check Version:
Run actadur --version, or check service logs/configuration files
Verify Fix Applied:
Confirm version is v2.0.2.0 or higher and test authentication/authorization controls
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns
- Failed authentication attempts followed by successful access
- Process creation from ActADUR service with unusual parameters
Network Indicators:
- Unexpected outbound connections from ActADUR server
- Traffic to suspicious IPs/domains from ActADUR service
SIEM Query:
source="actadur.log" AND (command="*;*" OR command="*|*" OR command="*`*" OR auth_failure>3)
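
The SIEM query and the log indicators above, written as an offline log scanner. This is an added example, not code from ProTNS or from this page; the key=value log layout and the src, event and result field names are assumptions, and the sample lines are constructed.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample. The key=value layout and the src/event/result field
# names are assumptions; only "command" comes from the SIEM query above.
SAMPLE_LOG = """\
2025-04-20T10:00:01Z src=192.0.2.5 event=auth result=failure
2025-04-20T10:00:02Z src=192.0.2.5 event=auth result=failure
2025-04-20T10:00:03Z src=192.0.2.5 event=auth result=failure
2025-04-20T10:00:04Z src=192.0.2.5 event=auth result=failure
2025-04-20T10:00:05Z src=192.0.2.5 event=auth result=success
2025-04-20T10:01:00Z src=192.0.2.7 event=auth result=failure
2025-04-20T10:01:05Z src=192.0.2.7 event=auth result=success
2025-04-20T10:02:00Z src=192.0.2.5 event=exec command="status --all"
2025-04-20T10:02:09Z src=192.0.2.5 event=exec command="status; id"
"""

META = re.compile(r"[;|`]")  # the three characters the SIEM query matches
FAIL_THRESHOLD = 3           # alert on more than 3 failures, as in the query

def parse(line):
    """Split 'timestamp key=value ...'; quoted values may contain spaces."""
    ts, *pairs = shlex.split(line)
    return {"ts": ts, **dict(p.split("=", 1) for p in pairs)}

def detect(log_text):
    """Return (line_number, rule, source) tuples for suspicious records."""
    alerts = []
    failures = defaultdict(int)  # consecutive auth failures per source
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = parse(line)
        except ValueError:       # blank line, unbalanced quote, missing '='
            alerts.append((lineno, "unparseable", None))
            continue
        src = rec.get("src")
        if rec.get("event") == "exec" and META.search(rec.get("command", "")):
            alerts.append((lineno, "shell_metachar", src))
        elif rec.get("event") == "auth" and rec.get("result") == "failure":
            failures[src] += 1
        elif rec.get("event") == "auth" and rec.get("result") == "success":
            if failures[src] > FAIL_THRESHOLD:
                alerts.append((lineno, "fail_then_success", src))
            failures[src] = 0    # reset the streak once the source gets in
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

Lines the parser cannot read are reported rather than skipped, so a malformed record cannot hide an event from the scan.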