CVE-2025-34030
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-11-20

Assigner: VulnCheck

Description
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system.Β Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-20
Last Modified
2025-11-20
Generated
2026-05-06
AI Q&A
2025-06-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34030
EUVD
EUVD-2025-18774
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-34030 is a critical OS command injection vulnerability in sar2html version 3.2.2 and earlier. It occurs because the application does not properly sanitize user input in the 'plot' parameter of index.php. An attacker can remotely inject arbitrary system commands by appending them to this parameter in a crafted GET request (e.g., ?plot=;id). When the application processes this request and the user interacts with the host selection UI, the output of the injected command is displayed in the interface, allowing the attacker to execute commands on the underlying system without authentication or privileges. [1, 2, 3]


How can this vulnerability impact me? :

This vulnerability can lead to arbitrary command execution on the server hosting sar2html, potentially resulting in full system compromise. Since no authentication or privileges are required, a remote attacker can execute any system-level commands, which may lead to unauthorized data access, data modification, service disruption, or complete control over the affected system. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for HTTP requests to the sar2html application that include suspicious or crafted 'plot' parameter values, such as those containing shell command injection patterns (e.g., '?plot=;id'). One way to test detection is to send a crafted GET request like: curl 'http://<ipaddr>/index.php?plot=;id' and observe if the command output appears in the application interface. Additionally, FortiGuard Labs has developed IPS signatures that detect and drop malicious traffic exploiting this vulnerability, which can be used in network intrusion prevention systems to identify attempts automatically. [1, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the sar2html application to trusted networks only, implementing web application firewalls or IPS solutions with updated signatures that detect and block exploitation attempts, and monitoring logs for suspicious requests targeting the 'plot' parameter. Since no vendor patches or updates are currently available, applying network-level protections and disabling or limiting the use of the vulnerable sar2html version are recommended until a fix is released. [3]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart