What is the CVSS score of CVE-2025-63910?

CVE-2025-63910 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Tranzman are affected by CVE-2025-63910?

Tranzman versions up to 4.0 contain a critical authentication vulnerability (CVE-2025-63910) that allows attackers to bypass data integrity verification.

Is there a public PoC exploit available for CVE-2025-63910?

Yes, a public proof-of-concept exploit is available for CVE-2025-63910. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-63910?

Within 24 hours: Inventory all Tranzman instances and identify those running version 4.0 or earlier; isolate affected systems from production networks if operationally feasible. Within 7 days: Contact Tranzman vendor for patch ETA and interim security guidance; implement network segmentation to restrict Tranzman access to authorized users only. Within 30 days: Upgrade to patched version when available; conduct security audit of systems that may have been compromised via this vulnerability.

Tranzman CVE-2025-63910

HIGH

Insufficient Verification of Data Authenticity (CWE-345)

2026-03-03 cve@mitre.org

Authentication Bypass RCE File Upload Tranzman

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 05, 2026 - 00:25 vuln.today

Public exploit code

CVE Published

Mar 03, 2026 - 18:16 nvd

HIGH 7.2

DescriptionNVD

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

AnalysisAI

Tranzman versions up to 4.0 is affected by insufficient verification of data authenticity (CVSS 7.2).

Technical ContextAI

This vulnerability (CWE-345: Insufficient Verification of Data Authenticity) affects Tranzman. An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

CVE-2025-63910 vulnerability details – vuln.today

Back

Tranzman CVE-2025-63910

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code