【Vulnerability Alert】Hgiga Technology｜iSherlock - OS Command Injection Vulnerability

• Subject: 【Vulnerability Alert】Hgiga Technology｜iSherlock - OS Command Injection Vulnerability

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000007
  • 【Hgiga Technology｜iSherlock - OS Command Injection】(CVE-2025-7451, CVSS: 9.8) Hgiga Technology's iSherlock has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary operating system commands and execute them on the server. This vulnerability has been exploited, please update as soon as possible.
• Affected Platforms:
  • Affected products and versions:
    • Hgiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) 4.5, 5.5
  • Affected packages:
    • iSherlock-4.5:
    • iSherlock-maillog-4.5 137
    • iSherlock-smtp-4.5 732
    • iSherlock-5.5:
    • iSherlock-maillog-5.5 137
    • iSherlock-smtp-5.5 732
• Suggested Measures:
  • Update package iSherlock-maillog-4.5 to version 137 (inclusive) and later
  • Update package iSherlock-smtp-4.5 to version 732 (inclusive) and later
  • Update package iSherlock-maillog-5.5 to version 137 (inclusive) and later
  • Update package iSherlock-smtp-5.5 to version 732 (inclusive) and later
• References:
  • https://www.twcert.org.tw/tw/cp-132-10237-9e0f7-1.html

Computer and Communications Center
Network Systems Division Respectfully