CVE-2025-34034

HIGH EXPLOITED

Blue Angel Software Suite - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2025-34034 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Paolo Serracino_ Pietro Minniti_ Damiano Proietti.

AI-analyzed exploit summary This exploit demonstrates authenticated command execution in Blue Angel Software Suite by leveraging hardcoded credentials and a command injection vulnerability in the ping functionality. It logs in using default credentials and executes arbitrary commands via the ping_addr parameter.

Description

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Exploits (1)

exploitdb WORKING POC

by Paolo Serracino_ Pietro Minniti_ Damiano Proietti · pythonremotelinux

https://www.exploit-db.com/exploits/46792

View Code ZIP pw:eip

This exploit demonstrates authenticated command execution in Blue Angel Software Suite by leveraging hardcoded credentials and a command injection vulnerability in the ping functionality. It logs in using default credentials and executes arbitrary commands via the ping_addr parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Blue Angel Software Suite (All versions)

Auth required

Prerequisites: Network access to the target device · Default credentials enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory third-party-advisory exploit

https://www.exploit-db.com/exploits/46792

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials

Scores

CVSS v3 8.8

EPSS 0.0037

EPSS Percentile 59.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-06-23

CWE

CWE-798

Status published

Products (2)

5VTechnologies/Blue Angel Software Suite

5vtechnologies/blue_angel_software_suite

Published Jun 24, 2025

Tracked Since Feb 18, 2026