CVE-2025-2611

Vulnerability Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.

Related Weaknesses (CWE)

CWE-78

References

https://github.com/rapid7/metasploit-framework/pull/20446
https://www.vulncheck.com/advisories/ictbroadcast-unauthenticated-session-cookie
https://www.vulncheck.com/blog/ictbroadcast-kev

FAQ

What is CVE-2025-2611?

CVE-2025-2611 is a documented vulnerability. The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results ...

How severe is CVE-2025-2611?

CVSS scoring is not yet available for CVE-2025-2611. Check NVD for updates.

Is there a patch for CVE-2025-2611?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.