Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
Cohesity TranZman Migration Appliance: Untrusted File Upload Risk
CVE-2025-63910
Summary
Attackers with Administrator access can upload malicious files, potentially executing code that can harm the system. This vulnerability affects the Cohesity TranZman Migration Appliance, specifically the 4.0 Build 14614 version. To stay secure, update to the latest version of the appliance as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cohesity | tranzman | 4.0 | – |
Original title
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via up...
Original description
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
nvd CVSS3.1
7.2
Vulnerability type
CWE-345
- https://docs.stoneram.com/index.php/Tranzman Product
- https://gist.github.com/GregDurys/74c36c36bef81293a42022758f2736a9 Exploit Third Party Advisory
- https://github.com/GregDurys/Cohesity-TranZman-CVEs Third Party Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026