CVE-2025-5306

CRITICAL

Pandora FMS 774-778 - OS Command Injection via Netflow Directory Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-5306. PoCs published by msutovsky-r7, including Metasploit module exploits/linux/http/pandora_fms_auth_netflow_rce.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in PandoraFMS Netflow component (CVE-2025-5306). It authenticates with provided credentials, modifies Netflow settings to inject a payload, and triggers execution via a crafted configuration update.

Description

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778

Exploits (1)

metasploit WORKING POC EXCELLENT
by msutovsky-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_fms_auth_netflow_rce.rb

This Metasploit module exploits a command injection vulnerability in PandoraFMS Netflow component (CVE-2025-5306). It authenticates with provided credentials, modifies Netflow settings to inject a payload, and triggers execution via a crafted configuration update.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PandoraFMS versions 7.0.774 to 7.0.777.10
Auth required
Prerequisites: Valid PandoraFMS credentials · Netflow binaries present on the system · Access to the PandoraFMS web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.7126
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-77
Status published
Products (1)
artica/pandora_fms 774 - 778
Published Jun 27, 2025
Tracked Since Feb 18, 2026