CVE-2025-34088

Description

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Artica ST / Pandora FMS0 – 7.0NG

References

EXPLOIThttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_ping_cmd_exec.rb
EXPLOIThttps://www.exploit-db.com/exploits/48334
MISChttps://www.rapid7.com/db/modules/exploit/linux/http/pandora_ping_cmd_exec/
MISChttps://github.com/pandorafms/pandorafms
VENDOR_ADVISORYhttps://vulncheck.com/advisories/pandora-fms-rce-via-ping