cbcvebase.
CVE-2025-34115
published 2025-07-15

CVE-2025-34115: An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A…

PriorityP265high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
2.32%
81.3th percentile
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.

Affected

1 ranges
VendorProductVersion rangeFixed in
itrs_groupop5_monitor<= 7.1.9

Detection & IOCsextracted from sources · hover to see the quote

url/command_test.php
othercmd_str
  • Monitor HTTP POST requests to /command_test.php containing shell metacharacters or command separators in the 'cmd_str' parameter, which is the injection point for this vulnerability.
  • Alert on authenticated sessions accessing the OP5 Monitor configuration section and invoking the 'Test this command' feature, particularly where cmd_str values contain unexpected shell syntax.
  • A Metasploit module exists for this vulnerability (op5_config_exec.rb); look for exploit framework artifacts or automated exploitation patterns targeting /command_test.php on OP5 Monitor ≤ 7.1.9.
  • ·Exploitation requires valid authenticated credentials; unauthenticated access alone is insufficient to trigger the vulnerability.
  • ·Commands execute as the unprivileged web application user, not root; post-exploitation privilege escalation would be needed for full system compromise.
  • ·Only OP5 Monitor versions through 7.1.9 are affected; version 7.2.0 contains the fix.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.