CVE-2025-34033

| EUVD-2025-18969 HIGH
2025-06-24 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-18969
PoC Detected
Nov 20, 2025 - 22:15 vuln.today
Public exploit code
CVE Published
Jun 24, 2025 - 01:15 nvd
HIGH 8.8

Tags

Command Injection Blue Angel Software Suite

Description

An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Analysis

CVE-2025-34033 is an OS command injection vulnerability in Blue Angel Software Suite's webctrl.cgi script that allows authenticated attackers to execute arbitrary commands as root via unsanitized input to the ping_addr parameter. The vulnerability affects embedded Linux devices running the Blue Angel Software Suite, and successful exploitation grants complete system compromise with command output visible in the web interface. Active exploitation was confirmed by Shadowserver Foundation on 2025-01-26, with CVSS 8.8 severity and root-level code execution impact.

Technical Context

The vulnerability exists in the /cgi-bin/webctrl.cgi script within the Blue Angel Software Suite running on embedded Linux systems. The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command, aka 'OS Command Injection'). The ping_addr parameter in the pingtest_update action is passed directly to the system-level ping command without adequate input sanitization or validation. This allows attackers to inject shell metacharacters (such as semicolons, pipes, backticks, command substitution operators) to break out of the intended ping command context and execute arbitrary shell commands. The ping command typically executes with elevated privileges (root) on embedded Linux devices, making command injection particularly severe. The vulnerable code path is: GET /cgi-bin/webctrl.cgi?action=pingtest_update&ping_addr=[INJECTION_POINT] → unsanitized parameter → system()/exec() call → arbitrary command execution.

Affected Products

Blue Angel Software Suite running on embedded Linux devices. Specific version information is not provided in the available data, suggesting this may affect multiple versions or current/recent versions of the suite. The vulnerable component is webctrl.cgi accessible at /cgi-bin/webctrl.cgi. Affected configurations include any Blue Angel Software Suite deployment with: (1) embedded Linux OS, (2) webctrl.cgi CGI script enabled, (3) authentication enabled but using default/weak credentials. No specific CPE string is provided in the submission, but CPE would likely follow pattern: cpe:2.3:a:blue_angel_software:blue_angel_software_suite:*:*:*:*:*:linux:*:*. Vendor advisory links are not included in the provided data—recommend checking Blue Angel Software official security bulletins and vendor advisories for specific patched versions.

Remediation

Immediate actions: (1) Apply vendor-supplied patches immediately once available from Blue Angel Software security advisories; (2) If patches unavailable, implement input validation/sanitization: whitelist only valid IP address formats in ping_addr parameter (regex: ^([0-9]{1,3}\.){3}[0-9]{1,3}$ or equivalent IPv6), reject any input containing shell metacharacters (;|&<>$`\"'\n); (3) Use safe command execution APIs: replace system()/shell-based calls with direct ping binary invocation using execve() with argument array (no shell parsing); (4) Enforce strong authentication: disable default credentials, enforce strong passwords, implement account lockout policies, consider removing the pingtest_update functionality if not essential; (5) Network isolation: restrict access to webctrl.cgi to trusted networks only using firewall rules; (6) Least privilege: verify webctrl.cgi process runs with minimal necessary privileges (avoid root if possible); (7) Monitor: enable CGI/web server logging for pingtest_update requests and review for suspicious ping_addr patterns. Contact Blue Angel Software support for patch availability and timeline.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-34033 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy