Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Cohesity TranZman Migration Appliance: Privilege Escalation and Data Theft Risk
CVE-2025-63909
Summary
An issue in a specific component of the Cohesity TranZman Migration Appliance allows attackers to gain full control of the system and access sensitive files. This could allow them to delete or modify important data or disrupt the appliance's operation. To protect your data, update to a fixed version of the appliance as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cohesity | tranzman | 4.0 | – |
Original title
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and wr...
Original description
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.
nvd CVSS3.1
7.8
Vulnerability type
CWE-269
Improper Privilege Management
- https://gist.github.com/GregDurys/d402038147e36de5908159d9722072ef Third Party Advisory Exploit
- https://github.com/GregDurys/Cohesity-TranZman-CVEs Third Party Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026