CVE-2025-34160P1CRITICALCVSS 10.0Exploited≤ 2025-082025-08-27
CVE-2025-34160 [CRITICAL] CWE-78 CVE-2025-34160: AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary comm
nvd