Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Hgiga iSherlock OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in iSherlock, a product developed by Hgiga, including its components MailSherlock, SpamSherlock, and AuditSherlock, in versions 4.5 and 5.5. This vulnerability allows unauthenticated remote attackers to inject and execute arbitrary operating system commands on the server. The issue has already been exploited, and users are urged to update immediately.

Impact

Exploitation of this vulnerability allows for unauthorized remote execution of operating system commands on the server where iSherlock is installed.

Remediation

Users should update the iSherlock packages for their installed branch:

iSherlock 4.5: update iSherlock-maillog-4.5 to version 137 or later, and iSherlock-smtp-4.5 to version 732 or later.
iSherlock 5.5: update iSherlock-maillog-5.5 to version 137 or later, and iSherlock-smtp-5.5 to version 732 or later.
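One way to check a host's package inventory against the fixed versions listed above. This is an added example, not Hgiga's tooling; the "<package> <version>" line format, the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Minimum fixed version per package, from the Remediation section above.
FIXED = {
    "iSherlock-maillog-4.5": 137,
    "iSherlock-smtp-4.5": 732,
    "iSherlock-maillog-5.5": 137,
    "iSherlock-smtp-5.5": 732,
}

# ASSUMPTION: one "<package> <version>" pair per line; adapt this to the
# real output of whatever package inventory the appliance provides.
LINE = re.compile(r"^\s*(iSherlock-(?:maillog|smtp)-[45]\.5)\s+(\S+)\s*$")

def audit(inventory: str) -> dict:
    """Map each tracked package to patched / vulnerable / unknown / missing."""
    status = {}
    for line in inventory.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated package or blank line
        name, version = m.groups()
        if not version.isdecimal():
            status[name] = "unknown"  # do not guess at odd version strings
        elif int(version) >= FIXED[name]:
            status[name] = "patched"
        else:
            status[name] = "vulnerable"
    # A branch needs both packages updated; flag the one that is not listed.
    for branch in {name.rsplit("-", 1)[1] for name in status}:
        for component in ("maillog", "smtp"):
            status.setdefault(f"iSherlock-{component}-{branch}", "missing")
    return status

def is_remediated(inventory: str) -> bool:
    """True only if tracked packages were found and every one is patched."""
    status = audit(inventory)
    return bool(status) and all(s == "patched" for s in status.values())

# Constructed sample inventory, not output from a real system.
SAMPLE = """\
iSherlock-maillog-4.5 137
iSherlock-smtp-4.5 731
openssl 3.0.13
"""

if __name__ == "__main__":
    for pkg, state in sorted(audit(SAMPLE).items()):
        print(f"{pkg}: {state}")
```

A host counts as remediated only when both packages of its branch are at or above the fixed version; a missing or unparseable entry is reported rather than treated as patched.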

Added: Jul 14, 2025, 3:19 AM
Updated: Jul 14, 2025, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 7.7
relevance: 0.2
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.