CVE-2025-2611

Aug. 5, 2025, 9:06 p.m.

9.3
Critical

Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.

Product(s) Impacted

Vendor Product Versions
Ictbroadcast
  • Ictbroadcast
  • 7.4, <7.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a ictbroadcast ictbroadcast 7.4 / / / / / / /
a ictbroadcast ictbroadcast <7.4 / / / / / /

References

https://github.com/rapid7/metasploit-framework/pull/20446

Tags

CWE-20
disclosure@vulncheck.com
2025-08-05
CVE-2025-2611

CVSS Score

9.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Aug. 5, 2025, 3:15 p.m.
Last Modified: Aug. 5, 2025, 9:06 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

Linked Attack Reports

The Mystery OAST Host Behind a Regionally Focused Exploit Operation

A long-running, attacker-operated OAST service on Google Cloud has been observed driving a focused exploit operation. The actor combines stock Nuclei templates with custom payloads to expand their reach. All observed activity targeted canaries deployed in Brazil, indicating a deliberate regional fo…
exploit
brazil
google cloud
CVE-2025-4428
CVE-2025-2611
2025-11-28
oast
fastjson
regional targeting
nuclei
scanning infrastructure
Published: November 28, 2025
Linked vulnerabilities : CVE-2025-4428, CVE-2025-2611 (CVSS 9.3)
Downloadable IOCs: 9

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.