CVE-2025-34082
published 2025-07-03

Priority: P2 · 77 · critical · 9.3 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 5.28% (91.5th percentile)

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igel_technology_gmbh | os | >= 10 < 10.06.220 | 10.06.220 |
| igel_technology_gmbh | os | >= 11 < 11.04.270 | 11.04.270 |

Detection & IOCs (extracted from sources)

  • port: 30022/tcp
  • port: 5900/tcp
  • command: PROXYCMD

  • Monitor for unauthenticated inbound connections to TCP port 30022 (telnet_ssl_connector / Secure Terminal) on IGEL OS devices, particularly those sending PROXYCMD payloads with shell metacharacters indicative of command injection.
  • Monitor for unauthenticated inbound connections to TCP port 5900 (vnc_ssl_connector / Secure Shadow) on IGEL OS devices carrying malformed or injected PROXYCMD commands.
  • Alert on unexpected process spawning (e.g., shell processes) as children of telnet_ssl_connector or vnc_ssl_connector processes on IGEL OS endpoints, which may indicate successful RCE with elevated privileges.
  • A public Metasploit module exists for this vulnerability (linux/misc/igel_command_injection); correlate IDS/firewall logs for exploit framework signatures targeting IGEL OS on ports 30022 and 5900.
  • The vulnerability is exploitable by unauthenticated attackers with network access; network-level controls (firewall rules blocking external access to TCP 30022 and 5900) are a critical compensating control until patching.
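
The process-ancestry and network checks from the bullets above, as an added detection sketch that is not part of the original advisory or any vendor tooling. The shell list, the management subnet and all sample events are assumptions constructed for illustration; only the connector names and ports come from this page.

```python
import ipaddress
from collections import namedtuple

CONNECTORS = {"telnet_ssl_connector", "vnc_ssl_connector"}  # service names from this page
PORTS = {30022, 5900}                                       # TCP ports from this page
SHELLS = {"sh", "bash", "dash", "ash"}                      # assumption: shells to alert on
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]          # assumption: admin subnet

Proc = namedtuple("Proc", "pid ppid name")   # one process-creation event
Conn = namedtuple("Conn", "src dport")       # one inbound TCP connection

def shells_under_connectors(procs):
    """Return (pid, shell, connector) for each shell with a connector ancestor."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if p.name not in SHELLS:
            continue
        seen, parent = set(), by_pid.get(p.ppid)
        # Walk up the tree so shells spawned via an intermediate process are caught too.
        while parent is not None and parent.pid not in seen:
            seen.add(parent.pid)  # guard against loops in malformed telemetry
            if parent.name in CONNECTORS:
                hits.append((p.pid, p.name, parent.name))
                break
            parent = by_pid.get(parent.ppid)
    return hits

def unexpected_sources(conns):
    """Return connections to the connector ports that originate outside MGMT_NETS."""
    return [c for c in conns if c.dport in PORTS
            and not any(ipaddress.ip_address(c.src) in n for n in MGMT_NETS)]

# Constructed sample telemetry, not real logs.
PROCS = [
    Proc(1, 0, "init"),
    Proc(410, 1, "telnet_ssl_connector"),
    Proc(411, 1, "vnc_ssl_connector"),
    Proc(900, 1, "sshd"),
    Proc(901, 900, "bash"),    # ordinary admin login, must not alert
    Proc(1200, 410, "sh"),     # shell as direct child of a connector
    Proc(1300, 411, "helper"), # hypothetical intermediate process
    Proc(1301, 1300, "bash"),  # shell as grandchild of a connector
]
CONNS = [Conn("10.20.0.15", 5900), Conn("198.51.100.7", 30022), Conn("198.51.100.7", 443)]

if __name__ == "__main__":
    for pid, shell, conn in shells_under_connectors(PROCS):
        print(f"ALERT pid={pid}: {shell} descends from {conn}")
    for c in unexpected_sources(CONNS):
        print(f"ALERT {c.src} -> tcp/{c.dport} from outside management networks")
```

On a real fleet the events would come from the endpoint's process-audit and firewall logs; PID reuse is not handled here.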