CVE-2025-5306

CRITICAL

Artica Pandora FMS < 778 - Command Injection

Description

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by msutovsky-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_fms_auth_netflow_rce.rb

Scores

CVSS v3: 9.8
EPSS: 0.6850
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-77
Status: published
Products (1): artica/pandora_fms 774 - 778
Published: Jun 27, 2025
Tracked Since: Feb 18, 2026