A critical remote code execution vulnerability, identified as CVE-2025-52385, has been discovered in Studio 3T version 2025.1.0 and earlier. This flaw allows an unauthenticated remote attacker to execute arbitrary code on the affected system, potentially leading to a complete system compromise, data theft, and further network intrusion. Due to the high severity (CVSS 9.8), immediate remediation is required to prevent exploitation.

The vulnerability exists within the application's handling of data passed to the child_process module. A remote attacker can send a specially crafted payload to the application, which fails to properly sanitize the input. This input is then passed directly to a system command, allowing the attacker to inject and execute arbitrary commands with the privileges of the application's user account.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a catastrophic impact on the business. An attacker could gain complete control over the affected server, leading to the theft of sensitive data, deployment of ransomware, disruption of services, and use of the compromised system as a pivot point to attack other internal network resources. The potential consequences include significant financial loss, reputational damage, and regulatory penalties.

Immediate Action: Immediately upgrade all instances of Studio 3T to the latest version released by the vendor, which addresses this vulnerability. Prioritize patching on internet-facing systems and those that process untrusted data. After patching, review access logs for any anomalous activity or connections that may indicate a prior compromise.

Proactive Monitoring: Implement enhanced monitoring on systems running Studio 3T. Scrutinize application and system logs for unusual commands or errors related to the child_process module. Monitor for unexpected outbound network connections or processes being spawned by the Studio 3T application, as these could be indicators of an active exploit.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Place the affected application behind a Web Application Firewall (WAF) with rules designed to detect and block command injection payloads.
• Restrict network access to the application, allowing connections only from trusted IP addresses and internal networks.
• Implement network segmentation to isolate the vulnerable host from critical internal systems, limiting the potential impact of a successful compromise.

Public Exploit Available: False

Given the critical CVSS score of 9.8, this vulnerability represents a severe and immediate threat to the organization. The highest priority must be the immediate application of vendor-supplied patches to all affected systems. Although there is no evidence of active exploitation at this time, organizations should operate under the assumption that they will be targeted. If patching cannot be performed immediately, the compensating controls listed above must be implemented as a temporary measure while a patching schedule is expedited.