CVE-2025-34033

🗓️ 24 Jun 2025 00:59:49Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 16 Views🌐 WEB

Vulnerability in Blue Angel Software Suite allows OS command injection via ping_addr parameter.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-34033	24 Jun 202501:35	–	circl
CNNVD	5V Technologies Blue Angel Software Suite 操作系统命令注入漏洞	24 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-34033 5VTechnologies Blue Angel Software Suite OS Command Injection	24 Jun 202500:59	–	cvelist
EUVD	EUVD-2025-18969	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34033	24 Jun 202501:15	–	nvd
Positive Technologies	PT-2025-26660 · Unknown · Blue Angel Software Suite	24 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34033	26 Jun 202503:12	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2025-34033	23 Jun 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2025-34033 5VTechnologies Blue Angel Software Suite OS Command Injection	24 Jun 202500:59	–	vulnrichment

NVD

Vulners

CNA

Node

5vtechnologies blue_angel_software_suite

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Web Management Interface (/cgi-bin/webctrl.cgi?action=pingtest_update)"
    ],
    "product": "Blue Angel Software Suite",
    "vendor": "5VTechnologies",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/5vtechnologies-blue-angel-command-injection
exploit-db	www.exploit-db.com/exploits/46792
exploit-db	www.exploit-db.com/raw/46792

Parameter	Position	Path	Description	CWE
ping_addr	query param	cgi-bin/webctrl.cgi?action=pingtest_update	OS command injection via ping_addr in GET request; input not sanitized before passing to system ping, allowing arbitrary command execution as root when attacker appends shell metacharacters.	CWE-78