CVE-2025-34115

N/A Unknown
Published: July 15, 2025 Modified: April 15, 2026
View on NVD

Description

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/op5_config_exec.rb
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/39676
Source: disclosure@vulncheck.com
https://www.itrsgroup.com/products/network-monitoring-op5-monitor
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/op5-monitor-authenticated-command-execution
Source: disclosure@vulncheck.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
52.6%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20 CWE-78 CWE-306

Related CVEs

CVE-2026-7513 8.8
CVE-2026-7512 8.8
CVE-2026-5656 7.0
CVE-2026-5405 7.8
CVE-2026-5404 4.7