CVE-2025-34115

OP5 Monitor <7.1.9 - Command Injection

Title source: llm

Description

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.

Exploits (2)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/39676

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by h00die <[email protected]>, hyp3rlinx · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/op5_config_exec.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/op5_config_exec.rb

[Various Sources] https://www.itrsgroup.com/products/network-monitoring-op5-monitor

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39676

[Third Party Advisory] https://www.vulncheck.com/advisories/op5-monitor-authenticated-command-execution

Scores

EPSS 0.4842

EPSS Percentile 97.7%

Classification

CWE

CWE-78 CWE-306 CWE-20

Status draft

Timeline

Published Jul 15, 2025

Tracked Since Feb 18, 2026