top of page
perceptive_background_267k.jpg

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privil…

Published:

2 March 2026 at 23:00:00

Alert date:

3 March 2026 at 22:05:24

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Database & Storage

CVE-2025-63910 is an authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614. The vulnerability allows attackers with Administrator privileges to execute arbitrary code by uploading a crafted patch file. This represents a high-severity security flaw that could lead to complete system compromise when exploited by privileged users. The vulnerability affects the file upload mechanism in the migration appliance, potentially allowing malicious code execution through specially crafted patch files.

Technical details

Mitigation steps:

Affected products:

Cohesity TranZman Migration Appliance

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-63910
https://docs.stoneram.com/index.php/Tranzman
https://gist.github.com/GregDurys/74c36c36bef81293a42022758f2736a9
https://github.com/GregDurys/Cohesity-TranZman-CVEs

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page