OS Command Injection in Pandora FMS by Pandora FMS
CVE-2025-5306
7 HIGH
What is CVE-2025-5306?
An OS command injection vulnerability has been identified in Pandora FMS, caused by improper sanitization of data in the Netflow directory field. By manipulating this input, an attacker can execute arbitrary commands on the server, compromising system integrity and security. Pandora FMS versions 774 through 778 are affected and need prompt remediation to prevent exploitation.
Affected Version(s)
Pandora FMS all 774 <= 778
EPSS Score
43% chance of being exploited in the next 30 days.
CVSS V4
Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Martin Sutovsky, Security Researcher, Rapid7