cbcvebase.

Cohesity Tranzman vulnerabilities

5 known vulnerabilities affecting cohesity/tranzman.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5

Vulnerabilities

Page 1 of 1
CVE-2025-67840P2HIGHCVSS 7.2v4.02026-03-03
CVE-2025-67840 [HIGH] CWE-78 CVE-2025-67840: Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ra Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). The appliance directly concatenates user-controlled parameters into system commands without sufficient sanitisati
nvd
CVE-2025-63911P3HIGHCVSS 7.2v4.02026-03-03
CVE-2025-63911 [HIGH] CWE-78 CVE-2025-63911: Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authentic Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.
nvd
CVE-2025-63910P3HIGHCVSS 7.2v4.02026-03-03
CVE-2025-63910 [HIGH] CWE-345 CVE-2025-63910: An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Releas An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
nvd
CVE-2025-63909P3HIGHCVSS 7.8v4.02026-03-03
CVE-2025-63909 [HIGH] CWE-269 CVE-2025-63909: Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.
nvd
CVE-2025-63912P3HIGHCVSS 7.5v4.02026-03-03
CVE-2025-63912 [HIGH] CWE-327 CVE-2025-63912: Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptogra Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials.
nvd
Cohesity Tranzman vulnerabilities | cvebase