CVE-2025-34088

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34088. PoCs published by Metasploit, Onur ER <[email protected]>, including Metasploit module exploits/linux/http/pandora_ping_cmd_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated remote code execution vulnerability in Pandora FMS 7.0NG and lower via command injection in the net_tools.php component. It authenticates with provided credentials and injects commands through the 'select_ips' parameter.

Description

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/48334

View Code ZIP pw:eip

This Metasploit module exploits an authenticated remote code execution vulnerability in Pandora FMS 7.0NG and lower via command injection in the net_tools.php component. It authenticates with provided credentials and injects commands through the 'select_ips' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Pandora FMS <= 7.0NG

Auth required

Prerequisites: Valid credentials for Pandora FMS · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Onur ER <[email protected]> · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_ping_cmd_exec.rb