CVE-2025-2611

Critical CVSS 9.3

Overview

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling.

Versions 7.4 and below are known to be vulnerable.

CWE: CWE-20 Published: 2025-08-05T15:15:29.127

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.3 (CRITICAL)
Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags