ICTBroadcast Unauthenticated Session Cookie Remote Code Execution_CVE-2025-2611

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H

Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling.

Versions 7.4 and below are known to be vulnerable.

Basic Information

ID CVE-2025-2611

Source VulnCheck

Published Aug 5, 2025 at 15:00

Modified Aug 6, 2025 at 16:13

Affected Product

Vendor ICT Innovations

Product ICTBroadcast

Affected Versions ICT Innovations ICTBroadcast 0

CWE Classification

CWE-20

References

github.com /rapid7/metasploit-framework/pull/20446

{
    "lastseen": "",
    "description": "The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling.\n\n\n\n\nVersions 7.4 and below are known to be vulnerable.",
    "published": "2025-08-05T15:00:32.531Z",
    "modified": "2025-08-06T16:13:05.773Z",
    "type": "cve",
    "title": "ICTBroadcast Unauthenticated Session Cookie Remote Code Execution",
    "source": "VulnCheck",
    "references": "https://github.com/rapid7/metasploit-framework/pull/20446",
    "id": "CVE-2025-2611",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "ICT Innovations ICTBroadcast 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ICTBroadcast",
    "version": "0",
    "vendor": "ICT Innovations",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}