CVE-2025-63909
HIGH WAF: Low
CVSS 7.8
Published: 2026-03-03
CWE-269
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| cohesity | tranzman | 4.0 |
References
- gist.github.com (Third Party Advisory, Exploit)
- github.com (Third Party Advisory)