Date Posted: 2025/10/22

[Vulnerability Alert] Han-Kuang Technology | iSherlock - OS Command Injection

  • Subject: [Vulnerability Alert] Han-Kuang Technology | iSherlock - OS Command Injection


  • Content:
    • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center, TWCERTCC-200-202510-00000012
    • [Han-Kuang Technology | iSherlock - OS Command Injection] (CVE-2025-11900, CVSS: 9.8) iSherlock, developed by Han-Kuang Technology, has an OS Command Injection vulnerability that allows an unauthenticated remote attacker to inject arbitrary operating system commands and execute them on the server.
  • Affected Platforms:
    • iSherlock 4.5 and iSherlock 5.5 (including MailSherlock, SpamSherlock, AuditSherlock)
    • iSherlock-smtp-4.5: Versions prior to 774 (exclusive)
    • iSherlock-smtp-5.5: Versions prior to 774 (exclusive)
    • iSherlock-base-4.5: Versions prior to 440 (exclusive)
    • iSherlock-base-5.5: Versions prior to 440 (exclusive)
  • Recommended Action:
    • Update iSherlock-smtp-4.5 package to version 774 (inclusive) or later
    • Update iSherlock-smtp-5.5 package to version 774 (inclusive) or later
    • Update iSherlock-base-4.5 package to version 440 (inclusive) or later
    • Update iSherlock-base-5.5 package to version 440 (inclusive) or later
  • References:
    1. Han-Kuang Technology | iSherlock - OS Command Injection: https://www.twcert.org.tw/tw/cp-132-10452-9c3d4-1.html

Computer and Communications Center
Network Systems Group