CVE-2025-34088

Published Jul 3, 2025

Last updated 10 days ago

CVSS high 8.6

Overview

Description
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
Source
disclosure@vulncheck.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

disclosure@vulncheck.com
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 Heads up, cybersecurity community! CVE-2025-34088 is stirring trouble in Pandora FMS 7.0NG and earlier. 🛡️ Authenticated users can exploit a command injection flaw in net_tools.php ⚔️. Ensure 🚀 patching and enhance input sanitization to stay secure! #CyberSecurit

    @SecAideInfo

    6 Jul 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-34088 Authenticated Remote Code Execution in Pandora FMS 7.0NG via Command Injection https://t.co/8hMZHLjfP6

    @VulmonFeeds

    3 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-34088 An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to ex… https://t.co/NK8qJgehOO

    @CVEnew

    3 Jul 2025

    552 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-34088: HIGH] Pandora FMS v7.0NG has a critical remote code execution flaw. Authenticated users can run arbitrary OS commands using net_tools.php, risking system compromise.#cve,CVE-2025-34088,#cybersecurity https://t.co/DJSE9jbIv3 https://t.co/Z5uroB8D9h

    @CveFindCom

    3 Jul 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.