CVE-2014-125124
Pandora FMS <5.0RC1 - RCE
Title source: llmDescription
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
Exploits (2)
metasploit
WORKING POC
EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_fms_exec.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/31518
References (3)
Scores
EPSS
0.3604
EPSS Percentile
97.0%
Classification
CWE
CWE-78
CWE-306
Status
draft
Timeline
Published
Jul 31, 2025
Tracked Since
Feb 18, 2026