Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202510-00000012)
[Description]
[HGiga | iSherlock - OS Command Injection] (CVE-2025-11900, CVSS: 9.8) iSherlock, developed by HGiga, has an OS Command Injection vulnerability. An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the server.
[Affected Platforms]
● iSherlock 4.5 and iSherlock 5.5 (including MailSherlock, SpamSherlock, and AuditSherlock)
● iSherlock-smtp-4.5: Versions 774 and earlier
● iSherlock-smtp-5.5: Versions 774 and earlier
● iSherlock-base-4.5: Versions 440 and earlier
● iSherlock-base-5.5: Versions 440 and earlier
[Suggested Actions]
● Update the iSherlock-smtp-4.5 package to version 774 or later
● Update the iSherlock-smtp-5.5 package to version 774 or later
● Update the iSherlock-base-4.5 package to version 440 or later
● Update the iSherlock-base-5.5 package to version 440 or later
[Reference]
https://www.twcert.org.tw/tw/cp-132-10440-dd55d-1.html