CVE-2025-63909

Published: Mar 3, 2026Modified: Mar 5, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.

Affected (1)

Products: Cohesity: Tranzman

Cohesity

1 product

Tranzman

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cohesity Tranzman	Version 4.0 build14614

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://gist.github.com/GregDurys/d402038147e36de5908159d9722072ef

Source: cve@mitre.org

Third Party AdvisoryExploit

https://github.com/GregDurys/Cohesity-TranZman-CVEs

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.