CVE-2025-2611

CRITICAL EXPLOITED NUCLEI

ICTBroadcast - Command Injection

Title source: nuclei

Exploitation Summary

CVE-2025-2611 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Valentin Lobstein, including a Metasploit module exploits/linux/http/ictbroadcast_unauth_cookie. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated RCE vulnerability in ICTBroadcast by injecting arbitrary commands into session cookies. It dynamically retrieves valid cookies and injects a base64-encoded payload via backtick command substitution.

Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Valentin Lobstein · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated RCE vulnerability in ICTBroadcast by injecting arbitrary commands into session cookies. It dynamically retrieves valid cookies and injects a base64-encoded payload via backtick command substitution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ICTBroadcast (version not specified)

No auth needed

Prerequisites: Network access to the target · ICTBroadcast login.php endpoint accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

ICTBroadcast - Command Injection

CRITICALVERIFIEDby Chocapikk

Shodan: html:"ICTBroadcast"

References (3)

Core 3

Core References

Issue Tracking exploit

https://github.com/rapid7/metasploit-framework/pull/20446

Third Party Advisory technical-description exploit

https://www.vulncheck.com/blog/ictbroadcast-kev

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ictbroadcast-unauthenticated-session-cookie-rce

Scores

CVSS v4 9.3

EPSS 0.7773

EPSS Percentile 99.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-10-12

CWE

CWE-78

Status published

Products (1)

ICT Innovations/ICTBroadcast < 7.4

Published Aug 05, 2025

Tracked Since Feb 18, 2026