CVE-2025-34088
Published 2025-07-03
Priority P271 · high · CVSS 3.1: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.09% (91.3th percentile)
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica_st | pandora_fms | <= 7.0NG | — |
| msrc | cbl2_frr_8.5.3-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| pandorafms | pandora_fms | <= 7.0_ng | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to net_tools.php containing shell metacharacters or command separators in the select_ips parameter, which is the injection point for OS command execution.
- Alert on authenticated POST/GET requests to net_tools.php where user input is passed unsanitized to system commands: look for ping-related network tool invocations with injected payloads.
- The Metasploit module pandora_ping_cmd_exec.rb targets this vulnerability; presence of this module in use can be detected via its characteristic HTTP request patterns against Pandora FMS endpoints.
- Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the command injection.
- Affected versions are Pandora FMS 7.0NG and earlier; detections should be scoped to environments running these versions.
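One way to implement the first two checks over parsed request records, as an added example (not code from the advisory sources or from Pandora FMS). It assumes a legitimate select_ips value is a single IP address or hostname and flags everything else; the record fields, URL layout and sample requests are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate ping target is one IP address or one hostname.
HOSTNAME = re.compile(r"[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*")

def is_plain_target(value):
    """True only for a bare IPv4/IPv6 address or hostname (allowlist check)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME.fullmatch(value) is not None

def select_ips_values(method, url, body=""):
    """Decoded select_ips values from the query string and a form-encoded body."""
    parts = urlsplit(url)
    if "net_tools" not in url:          # only the network-tools functionality
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("select_ips", [])
    if method.upper() == "POST":
        values += parse_qs(body, keep_blank_values=True).get("select_ips", [])
    return values

def flag_requests(records):
    """Return (source, offending values) for each request that fails the allowlist."""
    alerts = []
    for rec in records:
        found = select_ips_values(rec["method"], rec["url"], rec.get("body", ""))
        bad = [v for v in found if not is_plain_target(v)]
        if bad:
            alerts.append((rec["src"], bad))
    return alerts

# Constructed sample records (hypothetical field names and URL layout).
SAMPLE = [
    {"src": "203.0.113.5", "method": "GET",
     "url": "/net_tools.php?select_ips=192.0.2.10"},
    {"src": "198.51.100.7", "method": "POST", "url": "/net_tools.php",
     "body": "select_ips=192.0.2.10%3Bid"},
    {"src": "203.0.113.5", "method": "GET",
     "url": "/net_tools.php?select_ips=db01.example.org"},
]

if __name__ == "__main__":
    for src, bad in flag_requests(SAMPLE):
        print(f"ALERT {src}: select_ips={bad!r}")
```

Matching on what a valid target looks like, rather than on a list of metacharacters, also catches encoded or whitespace-based variants after URL decoding.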
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.6 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_msrc | | 7.5 | HIGH | |
GHSA
GHSA-rjr7-x9gp-9rwg · ghsa_unreviewed · 2025-07-03
CVE-2025-34088 [HIGH] CWE-78
Microsoft
vendor_msrc · 2024-04-09 · CVSS 7.5
CVE-2024-34088 [HIGH] CWE-476
In FRRouting (FRR) through 9.1 it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value the OSPF daemon crashes leading to denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact
No detection rules found.
No writeups or analysis indexed.
- https://github.com/pandorafms/pandorafms
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_ping_cmd_exec.rb
- https://vulncheck.com/advisories/pandora-fms-rce-via-ping
- https://www.exploit-db.com/exploits/48334
- https://www.rapid7.com/db/modules/exploit/linux/http/pandora_ping_cmd_exec/
Published: 2025-07-03