CVE-2025-34115

OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php

CVSS 8.7 HIGHEPSS 2.3%CWE-20 CWE-306 CWE-78

Vexday Risk Score

36Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.7EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

08 Apr 2016Metasploit module available

15 Jul 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

ITRS Group · OP5 Monitor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/op5_config_exec.rb https://www.exploit-db.com/exploits/39676 https://www.itrsgroup.com/products/network-monitoring-op5-monitor https://www.vulncheck.com/advisories/op5-monitor-authenticated-command-execution