AnyShare Unauthenticated Remote Code Execution Vulnerability in ServiceAgent API

Vulnerability

A critical unauthenticated remote code execution vulnerability has been identified in the AnyShare intelligent content management platform. This vulnerability resides in the ServiceAgent API, which is exposed on port 10250. The issue arises because the endpoint '/api/ServiceAgent/start_service' accepts user-supplied input via POST requests and fails to properly sanitize command-like payloads. As a result, an attacker can inject shell syntax that is executed by the backend, allowing for arbitrary command execution. This vulnerability is believed to affect builds released prior to August 2025, with evidence of exploitation first observed on July 11, 2025.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the server, with the executed commands running in the context of the root user.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/ServiceAgent/start_service' endpoint with a payload that includes command injection syntax, such as backticks enclosing a command like 'sleep 3'. On a vulnerable server, the response indicates that the injected command was executed, for example through a delay corresponding to the 'sleep' command.

Remediation

Users are advised to upgrade to the latest version of AnyShare. The latest version can be downloaded from the AISHU website.
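
A log-hunting sketch for the injection pattern described above, added here as an example and not taken from the advisory or from AISHU. The endpoint and port come from the advisory; the JSON-lines log format, its field names, the trusted management subnet and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import json
import re
from urllib.parse import unquote_plus

ENDPOINT, PORT = "/api/ServiceAgent/start_service", 10250  # both from the advisory
# Assumption: the only hosts expected to call the ServiceAgent API.
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]
SHELL_META = re.compile(r"`|\$\(|\$\{|;|&&|\||[<>]|[\r\n]")  # shell syntax

# Constructed sample log; the JSON-lines field names are hypothetical.
SAMPLE_LOG = """\
{"src": "10.20.0.5", "port": 10250, "method": "POST", "path": "/api/ServiceAgent/start_service", "body": "example_service"}
{"src": "203.0.113.9", "port": 10250, "method": "POST", "path": "/api/ServiceAgent/start_service", "body": "`sleep 3`"}
{"src": "203.0.113.9", "port": 10250, "method": "POST", "path": "/api/ServiceAgent/start_service?x=1", "body": "%60sleep%203%60"}
{"src": "198.51.100.7", "port": 10250, "method": "POST", "path": "/api/ServiceAgent/start_service", "body": "example_service"}
truncated non-JSON line
"""

def classify(entry):
    """Return 'injection', 'untrusted-source' or None for one request."""
    path = str(entry.get("path", "")).split("?", 1)[0].rstrip("/")
    if (entry.get("port"), path, entry.get("method")) != (PORT, ENDPOINT, "POST"):
        return None
    body = str(entry.get("body", ""))
    for _ in range(3):  # undo nested percent-encoding (%2560 -> %60 -> `)
        body = unquote_plus(body)
    if SHELL_META.search(body):
        return "injection"
    try:
        src = ipaddress.ip_address(entry.get("src", ""))
    except ValueError:
        return "untrusted-source"  # an unparsable source is not trusted
    return None if any(src in net for net in TRUSTED) else "untrusted-source"

def scan(log_text):
    """Return (line_number, verdict, source) for each suspicious request."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON record
        verdict = classify(entry) if isinstance(entry, dict) else None
        if verdict:
            findings.append((n, verdict, entry.get("src")))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Requests from outside the trusted subnet are reported even when the body contains no shell syntax, because the endpoint requires no authentication.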

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.