CVE-2025-54306

CVE-2025-54306 is a high-severity vulnerability in Thermofisher Torrent Suite Software with a CVSS 3.x base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.

Key facts

Description

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative endpoints. The application allows administrators to modify the server's network configuration through the Django application. This configuration is processed by Bash scripts (TSsetnoproxy and TSsetproxy) that write user-controlled data directly to environment variables without proper sanitization. After updating environment variables, the scripts execute a source command on /etc/environment; if an attacker injects malicious data into environment variables, this command can enable arbitrary command execution. The vulnerability begins with the /admin/network endpoint, which passes user-supplied form data as arguments to subprocess.Popen calls. The user-supplied input is then used to update environment variables in TSsetnoproxy and TSsetproxy, and finally source $environment is executed.

Frequently asked questions

What is CVE-2025-54306?
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative endpoints. The application allows administrators to modify the server's network configuration through the Django application. This configuration is processed by Bash scripts (TSsetnoproxy and TSsetproxy) that write user-controlled data directly to environment variables without proper sanitization. After updating environment variables, the scripts execute a source command on /etc/environment; if an attacker injects malicious data into environment variables, this command can enable arbitrary command execution. The vulnerability begins with the /admin/network endpoint, which passes user-supplied form data as arguments to subprocess.Popen calls. The user-supplied input is then used to update environment variables in TSsetnoproxy and TSsetproxy, and finally source $environment is executed.
How severe is CVE-2025-54306?
CVE-2025-54306 has a CVSS 3.x base score of 7.2, rated high severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2025-54306 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (49th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2025-54306?
CVE-2025-54306 affects Thermofisher Torrent Suite Software. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2025-54306?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2025-54306 have an EU (EUVD) identifier?
Yes. CVE-2025-54306 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-201177.
When was CVE-2025-54306 published?
CVE-2025-54306 was published on 2025-12-04 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Thermofisher Torrent Suite Software

All CVEs affecting Thermofisher Torrent Suite Software →

Other CWE-20 (Improper Input Validation) vulnerabilities

Browse all CWE-20 (Improper Input Validation) vulnerabilities →