Vulnerability Description
A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.
Related Weaknesses (CWE)
References
- https://kb.igel.com/security-safety/current/isn-2021-01-igel-os-remote-command-e
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://vulncheck.com/advisories/igel-os-secure-terminal-shadow-rce
- https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt
FAQ
What is CVE-2025-34082?
CVE-2025-34082 is a documented vulnerability. A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handlin...
How severe is CVE-2025-34082?
CVSS scoring is not yet available for CVE-2025-34082. Check NVD for updates.
Is there a patch for CVE-2025-34082?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.