CVE-2025-2611

Published Aug 5, 2025

Last updated 5 months ago

CVSS critical 9.3
ICTBroadcast

Overview

Description
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Source: disclosure@vulncheck.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

disclosure@vulncheck.com: CWE-20

Social media

  1. ⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites. ⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote sh

    @TheHackersNews

    8 Dec 2025

  2. 🚨 New plugin: ICTBroadcastRcePlugin (CVE-2025-2611). ICTBroadcast unauthenticated RCE vulnerability detection. Results: https://t.co/SeOrPCTM33 https://t.co/Jpy4qgAZBW

    @leak_ix

    25 Nov 2025

  3. 🚨 ICTBroadcast Security Advisory [—] Oct 22, 2025 Comprehensive security advisory regarding CVE-2025-2611 affecting ICTBroadcast versions 7.4 and earlier. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 https://t.co/8cQTevbgqL

    @transilienceai

    22 Oct 2025

  4. 🚨 ICTBroadcast CVE-2025-2611 Exploitation [Critical] Oct 21, 2025 This report details the active exploitation of CVE-2025-2611, a critical command injection vulnerability affecting ICTBroadcast versions 7.4 and below. The vulnerability allows unauthenticated remote code... htt

    @transilienceai

    21 Oct 2025

  5. 🚨 ICTBroadcast Product Security Advisory [—] Oct 20, 2025 Comprehensive security advisory for ICTBroadcast, addressing CVE-2025-2611 and related vulnerabilities. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/9J69UmVtj5

    @transilienceai

    20 Oct 2025

  6. 🍪 A cookie that spawns a shell 💀 A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation. Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution. No patch yet — check your

    @zeeshankghouri

    20 Oct 2025

  7. A cookie that spawns a shell 💀 A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation. Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution. Cc @hacker

    @Ecotashford

    15 Oct 2025

  8. 📌 Hackers targeted ICTBroadcast servers by exploiting a cookie vulnerability to gain remote access. The vulnerability, known as CVE-2025-2611, relates to improper input validation, allowing

    @Cybercachear

    15 Oct 2025

  9. ICTBroadcast servers are actively exploited! 🚨 A critical RCE flaw (CVE-2025-2611) lets hackers get remote shell access via a cookie exploit. Patch now! https://t.co/zGUGsfyvBn #ICTBroadcast #RCE #CyberAttack

    @0xT3chn0m4nc3r

    15 Oct 2025

  10. 🍪 A cookie that spawns a shell 💀 A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation. Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution. No patch yet — check your

    @TheHackersNews

    15 Oct 2025

  11. Over the long weekend, @VulnCheckAI observed in-the-wild exploitation of CVE-2025-2611, an unauthenticated command injection vuln in ICTBroadcast. Payload + attacker behavior analysis here c/o @Junior_Baines https://t.co/RLEBJ8rMIX

    @catc0n

    14 Oct 2025

  12. CVE-2025-2611 Unauthenticated Remote Code Execution in ICTBroadcast Through Session Cookie Injection https://t.co/3CjGNPQ9P0

    @VulmonFeeds

    5 Aug 2025

  13. CVE-2025-2611 The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get execu… https://t.co/FRXosJaq3V

    @CVEnew

    5 Aug 2025

  14. [CVE-2025-2611: CRITICAL] ICTBroadcast application exposes a critical vulnerability allowing unauthenticated remote code execution due to unsafe passing of session cookie data. Versions 7.4 and below are at risk.#cve,CVE-2025-2611,#cybersecurity https://t.co/XcLs5IK1gq https://t.

    @CveFindCom

    5 Aug 2025
