OS Command Injection in EnGenius EnShare Cloud Service
CVE-2025-34035
Key Information:
- Vendor
Engenius
- Vendor
- CVE Published:
- 24 June 2025
Badges
What is CVE-2025-34035?
An OS command injection vulnerability has been identified in EnGenius EnShare Cloud Service, specifically in versions 1.4.11 and prior. The vulnerability originates from the usbinteract.cgi script, which inadequately sanitizes user input delivered through the path parameter. This flaw enables unauthenticated remote attackers to inject arbitrary shell commands that execute with root privileges, potentially leading to a complete system compromise. Organizations utilizing this service are urged to apply necessary mitigations to safeguard their systems from potential exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
EnShare IoT Gigabit Cloud Service 0 <= 1.4.11
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
7% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved