Command Injection Vulnerability in IGEL OS Secure Terminal and Secure Shadow Services
CVE-2025-34082
Key Information:
- Vendor
Igel Technology Gmbh
- Status
- Vendor
- CVE Published:
- 3 July 2025
Badges
What is CVE-2025-34082?
A command injection vulnerability exists in IGEL OS prior to version 11.04.270, specifically within the Secure Terminal and Secure Shadow services. This flaw is attributed to inadequate input sanitization when processing crafted PROXYCMD commands over TCP ports 30022 and 5900. An attacker with network access to an affected device can exploit this vulnerability to inject arbitrary commands, potentially resulting in remote code execution with elevated privileges. Note that IGEL OS v10.x is no longer supported and has reached end-of-life status.
Affected Version(s)
OS Linux 11 < 11.04.270
OS Linux 10 < 10.06.220
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved