CVE-2025-34073
stamparm/maltrail <=0.54 Remote Command Execution
Vexday Risk Score: 63 (High priority)
SSVC decision (CISA): Attend (PoC available → attend closely)
CVSS: 10 | EPSS: 3.9% | KEV: no | PoC: public | Nuclei: yes | Metasploit: yes | Patch: —
Lifecycle:
31 Jul 2023: Metasploit module available
02 Jul 2025: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input passed to subprocess.check_output() in core/http.py, allowing injection of shell metacharacters. Exploitation does not require authentication and commands are executed with the privileges of the Maltrail process.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
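As an added illustration (not Maltrail's own code from core/http.py), the unsafe pattern the description names, beside a hardened form that builds an argv list so the username is never parsed by a shell; the logger command, function names and the validator are assumptions for illustration.

```python
import re
import subprocess
from typing import Callable, List

# Constructed for illustration: a login handler that records failed attempts
# through the system logger. This is an assumed stand-in showing the pattern
# the advisory describes, not the project's source.

# Characters that a POSIX shell would treat as syntax rather than data.
SHELL_METACHARS = re.compile(r"[;&|`$(){}<>\\\"'\n\r]")


def unsafe_command_string(username: str, client_ip: str) -> str:
    """VULNERABLE PATTERN (shown only, never executed here): the username is
    interpolated into one string that would be handed to a shell via
    check_output(..., shell=True). Any metacharacter in `username` is then
    parsed by the shell instead of being logged as text."""
    return 'logger -t maltrail "failed login for %s from %s"' % (username, client_ip)


def safe_command_argv(username: str, client_ip: str) -> List[str]:
    """HARDENED: build an argv list. Each element reaches the program as one
    literal argument and no shell is involved, so metacharacters are inert."""
    return ["logger", "-t", "maltrail",
            "failed login for %s from %s" % (username, client_ip)]


def validate_username(username: str) -> bool:
    """Defence in depth: reject names that contain shell syntax outright."""
    return 1 <= len(username) <= 64 and SHELL_METACHARS.search(username) is None


def record_failed_login(username: str, client_ip: str,
                        run: Callable[..., bytes] = subprocess.check_output) -> str:
    """Log a failed /login attempt without ever invoking a shell. `run` is
    injectable so the behaviour can be exercised without a real `logger`."""
    if not validate_username(username):
        return "rejected"
    run(safe_command_argv(username, client_ip), shell=False)  # shell=False is the default
    return "logged"
```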
Affected products
Stamparm · Maltrail
Public PoCs found: 2
huntr.com/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87 (cve_reference, unverified)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/maltrail_rce.rb (cve_reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/stamparm/maltrail
https://github.com/stamparm/maltrail/issues/19146
https://huntr.com/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/maltrail_rce.rb
https://vulncheck.com/advisories/stamparm-maltrail-rce