Cyber Resilience

CVE-2025-34024

Critical · Public PoC · RCE

Published: 20 June 2025
Modified: 20 November 2025
KEV Added: not listed
Patch:
CVSS Score v4: 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0432 (percentile 89.1)
Risk Priority: 21 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34024 is a critical-severity OS Command Injection (CWE-78) vulnerability in Edimax EW-7438RPn Mini firmware. Its CVSS base score is 9.4 (Critical).

Operationally, it ranks in the top 10.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

An OS command injection vulnerability exists in Edimax EW-7438RPn firmware version 1.13 and prior. The flaw is in the mp.asp form handler behind the /goform/mp endpoint, which fails to sanitize the command parameter and lets shell metacharacters through; it is classified as CWE-78 with a CVSS 4.0 score of 9.4.

An authenticated attacker with network access can supply crafted input containing shell metacharacters to the command parameter, resulting in arbitrary command execution as the root user on the device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

Public references include a VulnCheck advisory, a Broadcom attack signature entry, the vendor product page, and Exploit-DB entry 48377. The EPSS score is 0.0432, which is also its peak value, with no material rise.

Vulnerability details

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Edimax
Product: EW-7438RPn Mini firmware
Versions: ≤ 1.13

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping has not yet been run for this CVE; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
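The following C routine is an added illustration of that second control, not Edimax code and not the vulnerable handler; it shows how a form parameter such as command can be validated before any command is built from it. The set of permitted operation names (status, reboot, wlan_scan) and the 32-byte length cap are assumptions for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Characters with special meaning to a POSIX shell. Any one of them in a
   parameter that is later interpolated into a command line can change
   what the shell executes (CWE-78). */
static const char SHELL_METACHARS[] = ";|&$`<>()[]{}*?~#\\\"'";

/* Assumed allowlist of operations the handler actually supports.
   Positive validation (exact match) is the primary control; the
   metacharacter check below only classifies why a value was rejected. */
static const char *const ALLOWED_COMMANDS[] = { "status", "reboot", "wlan_scan" };
#define MAX_COMMAND_LEN 32

typedef enum {
    CMD_OK = 0,
    CMD_MISSING_OR_TOO_LONG,
    CMD_SHELL_METACHAR,
    CMD_NOT_ALLOWED
} cmd_verdict;

/* True if the value contains a shell metacharacter or any non-printable
   byte (newlines, carriage returns, NUL-adjacent control bytes). */
bool contains_shell_metachar(const char *value)
{
    for (const char *p = value; *p != '\0'; p++) {
        if (!isprint((unsigned char)*p) || isspace((unsigned char)*p))
            return true;
        if (strchr(SHELL_METACHARS, *p) != NULL)
            return true;
    }
    return false;
}

/* Validate the raw "command" form parameter. Only an exact allowlist
   match returns CMD_OK; everything else is rejected with a reason the
   handler can log for detection purposes. */
cmd_verdict validate_command_param(const char *value)
{
    if (value == NULL || strlen(value) == 0 || strlen(value) > MAX_COMMAND_LEN)
        return CMD_MISSING_OR_TOO_LONG;
    if (contains_shell_metachar(value))
        return CMD_SHELL_METACHAR;
    for (size_t i = 0; i < sizeof ALLOWED_COMMANDS / sizeof ALLOWED_COMMANDS[0]; i++) {
        if (strcmp(value, ALLOWED_COMMANDS[i]) == 0)
            return CMD_OK;
    }
    return CMD_NOT_ALLOWED;
}
```

A handler that passes validation should then dispatch the matched operation through a fixed code path (for example an execv argv array), so that the request value is never concatenated into a shell command string at all.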
