CVE-2025-3621: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in ProTNS ActADUR

Critical
Published: Tue Jul 15 2025 (07/15/2025, 07:22:49 UTC)
Source: CVE Database V5
Vendor/Project: ProTNS
Product: ActADUR

Description

Vulnerabilities* in the ActADUR local server product, developed and maintained by ProTNS, allow Remote Code Inclusion on host systems.

* Vulnerabilities:
  * Improper Neutralization of Special Elements used in a Command ('Command Injection')
  * Use of Hard-coded Credentials
  * Improper Authentication
  * Binding to an Unrestricted IP Address

The vulnerability has been rated as critical. This issue affects ActADUR from v2.0.1.9 before v2.0.2.0; hence, updating to version v2.0.2.0 or above is required.

AI-Powered Analysis

Last updated: 07/15/2025, 07:46:10 UTC

Technical Analysis

CVE-2025-3621 is a critical vulnerability affecting the ActADUR local server product developed by ProTNS, specifically versions from v2.0.1.9 up to but not including v2.0.2.0. The vulnerability encompasses multiple security weaknesses, including improper neutralization of special elements used in commands (CWE-77), use of hard-coded credentials (CWE-798), improper authentication (CWE-287), and binding to an unrestricted IP address (CWE-1327). The primary security concern is a command injection flaw that allows an attacker to remotely execute arbitrary code on the host system without requiring authentication or user interaction. This is compounded by the presence of hard-coded credentials and weak authentication mechanisms, which further facilitate unauthorized access. Additionally, binding the service to an unrestricted IP address increases the attack surface by allowing connections from any network source. The CVSS 4.0 base score of 9.4 reflects the critical nature of this vulnerability, highlighting its high impact on confidentiality, integrity, and availability, ease of exploitation over a network, and lack of required privileges or user interaction. Exploitation could lead to complete system compromise, data theft, manipulation, or service disruption. Although no known exploits are currently observed in the wild, the severity and ease of exploitation make it a significant threat. The recommended remediation is to update affected ActADUR instances to version v2.0.2.0 or later, where these issues have been addressed.

Potential Impact

For European organizations using the ActADUR product, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized remote code execution, enabling attackers to gain full control over affected systems. This could result in data breaches, operational disruptions, and potential lateral movement within networks. Given ActADUR’s role as a local server product, critical infrastructure or industrial control systems relying on it could be compromised, impacting availability and safety. The presence of hard-coded credentials and weak authentication exacerbates the risk, making it easier for attackers to bypass security controls. European organizations in sectors such as manufacturing, utilities, or any industry utilizing ProTNS ActADUR servers are particularly vulnerable. The unrestricted IP binding increases exposure, especially if systems are accessible from external or less secure internal networks. The impact extends to regulatory compliance, as breaches involving critical infrastructure or personal data could lead to violations of GDPR and other European cybersecurity regulations, resulting in financial penalties and reputational damage.

Mitigation Recommendations

1. Immediate upgrade of all affected ActADUR instances to version v2.0.2.0 or later is essential to remediate the vulnerabilities.
2. Conduct a thorough audit of network configurations to ensure that ActADUR servers are not bound to unrestricted IP addresses; restrict binding to trusted internal IP ranges only.
3. Replace or remove any hard-coded credentials by implementing secure credential management practices, including the use of unique, strong passwords and integration with centralized authentication systems where possible.
4. Enhance authentication mechanisms to enforce proper access controls, including multi-factor authentication if supported.
5. Implement network segmentation to isolate ActADUR servers from untrusted networks and limit exposure.
6. Monitor logs and network traffic for unusual activities indicative of exploitation attempts, focusing on command injection patterns and unauthorized access.
7. Develop and test incident response plans specific to ActADUR-related incidents to ensure rapid containment and recovery.
8. Engage with ProTNS support for any additional patches or security advisories and subscribe to vulnerability notifications to stay informed about future updates.

Technical Details

Data Version: 5.1
Assigner Short Name: FSI
Date Reserved: 2025-04-15T00:51:18.177Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687603bda83201eaaccd60fa

Added to database: 7/15/2025, 7:31:09 AM

Last enriched: 7/15/2025, 7:46:10 AM

Last updated: 7/15/2025, 9:48:55 AM
