What is the CVSS score of CVE-2025-34082?

CVE-2025-34082 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. EPSS exploitation probability: 46.0%.

Which versions of IGEL OS are affected by CVE-2025-34082?

IGEL OS devices running versions before 11.04.270 contain a critical command injection vulnerability in terminal and remote access services that allows unauthenticated network attackers to execute…. A patch is available.

Is there a public PoC exploit available for CVE-2025-34082?

Yes, a public proof-of-concept exploit is available for CVE-2025-34082. Prioritise patching immediately. EPSS: 46.0%.

How to fix or mitigate CVE-2025-34082?

Within 24 hours: Identify all IGEL OS devices in your environment and document current versions using inventory or MDM tools; immediately isolate or restrict network access (ports 30022 and 5900) to affected devices pending patching. Within 7 days: Apply vendor patch to upgrade all IGEL OS 11.x devices to version 11.04.270 or later; verify patches via device inventory confirmation. Within 30 days: Decommission or upgrade any remaining IGEL OS v10.x systems (EOL status); conduct network segmentation review to limit lateral access from thin clients.

IGEL OS CVE-2025-34082

EUVD-2025-19904 CRITICAL

OS Command Injection (CWE-78)

2025-07-03 disclosure@vulncheck.com

RCE Command Injection

9.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:52 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

11.04.270,10.06.220

EUVD ID Assigned

Mar 16, 2026 - 02:12 euvd

EUVD-2025-19904

Analysis Generated

Mar 16, 2026 - 02:12 vuln.today

CVE Published

Jul 03, 2025 - 20:15 nvd

CRITICAL 9.3

DescriptionCVE.org

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges.

NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.

Analysis

NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2025-34082 vulnerability details – vuln.today

Back