Forwarded by the Taiwan Computer Network Crisis Management and Coordination Center: TWCERTCC-200-202507-00000007
[Content Description]
[HGiga|iSherlock - OS Command Injection] (CVE-2025-7451, CVSS: 9.8) iSherlock, developed by HGiga, has an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary operating system commands and execute them on the server. This vulnerability has been exploited; please update as soon as possible.
[Affected Platforms]
● Affected Products and Versions:
HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) 4.5, 5.5
● Affected Packages:
iSherlock-4.5:
iSherlock-maillog-4.5 < 137
iSherlock-smtp-4.5 < 732
iSherlock-5.5:
iSherlock-maillog-5.5 < 137
iSherlock-smtp-5.5 < 732
[Suggested Actions]
● Update package iSherlock-maillog-4.5 to version 137 (inclusive) or later
● Update package iSherlock-smtp-4.5 to version 732 (inclusive) or later
● Update package iSherlock-maillog-5.5 to version 137 (inclusive) or later
● Update package iSherlock-smtp-5.5 to version 732 (inclusive) or later
[References]
https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html