How to fix CVE-2025-63910?

Within 24 hours: Inventory all Tranzman instances and identify those running version 4.0 or earlier; isolate affected systems from production networks if operationally feasible. Within 7 days: Contact Tranzman vendor for patch ETA and interim security guidance; implement network segmentation to restrict Tranzman access to authorized users only. Within 30 days: Upgrade to patched version when available; conduct security audit of systems that may have been compromised via this vulnerability.

Is Tranzman affected by CVE-2025-63910?

Tranzman versions up to 4.0 contain a critical authentication vulnerability (CVE-2025-63910) that allows attackers to bypass data integrity verification.

CVE-2025-63910

HIGH

2026-03-03 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 05, 2026 - 00:25 vuln.today

Public exploit code

CVE Published

Mar 03, 2026 - 18:16 nvd

HIGH 7.2

Description

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

Analysis

Tranzman versions up to 4.0 is affected by insufficient verification of data authenticity (CVSS 7.2).

Technical Context

This vulnerability (CWE-345: Insufficient Verification of Data Authenticity) affects Tranzman. An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

Affected Products

Vendor: Cohesity. Product: Tranzman. Versions: up to 4.0.

Remediation

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

CVE-2025-63910 vulnerability details – vuln.today

Back

CVE-2025-63910

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-63910

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code