Cyber Resilience

CVE-2025-34029

Critical · Public PoC · RCE

Published: 20 June 2025
Modified: 20 November 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v4): 9.4
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0535 (90.3rd percentile)
Risk Priority: 22 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34029 is a critical-severity OS Command Injection (CWE-78) vulnerability in Edimax EW-7438RPn Mini firmware. Its CVSS base score is 9.4 (Critical).

Operationally, it ranks in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior. The flaw resides in the syscmd.asp form handler at the /goform/formSysCmd endpoint, where the sysCmd parameter accepts unsanitized input that is passed directly to the underlying system shell, enabling execution as the root user. The issue is tracked as CWE-78 and carries a CVSS 4.0 score of 9.4.

A remote authenticated attacker can supply arbitrary shell commands through the sysCmd parameter to achieve full command execution on the device. Successful exploitation grants the attacker root-level control over the affected range extender, allowing arbitrary system modification, data access, or further lateral movement within the network. Evidence of real-world exploitation attempts against this vulnerability was recorded by the Shadowserver Foundation on 2024-09-14 UTC.

The provided references include a VulnCheck advisory, an Exploit-DB entry, a Broadcom attack signature, and the vendor product page, but contain no explicit statements on patches or mitigation steps. The associated EPSS score remains flat at 0.0535 with no material increase observed after disclosure.
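Since the references carry no patch or mitigation guidance, one thing a defender can do today is watch the web-server access log of the range extender (or of a reverse proxy in front of it) for use of the command interface named above. The following is an added example, not code from the advisory or from Edimax: it parses constructed combined-format log lines (assumed format, not the device's own), flags any request to /goform/formSysCmd, and raises the severity when the sysCmd value contains shell metacharacters that would chain commands (the CWE-78 "special elements").

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the CVE-2025-34029 advisory.
SYSCMD_PATH = "/goform/formSysCmd"
SYSCMD_PARAM = "sysCmd"
# Shell metacharacters that alter command execution (CWE-78 special elements).
SHELL_META = re.compile(r"[;&|`$<>\n]")

# Constructed combined-format access log lines (sample data, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Sep/2024:10:01:02 +0000] "GET /index.asp HTTP/1.1" 200 512
10.0.0.7 - admin [14/Sep/2024:10:02:15 +0000] "GET /goform/formSysCmd?sysCmd=ifconfig HTTP/1.1" 200 88
10.0.0.9 - admin [14/Sep/2024:10:03:40 +0000] "GET /goform/formSysCmd?sysCmd=ls%3Bid HTTP/1.1" 200 64
10.0.0.9 - - [14/Sep/2024:10:04:01 +0000] "POST /goform/formSysCmd HTTP/1.1" 200 64
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)


def classify(line):
    """Return None for unrelated requests, else a dict describing the hit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != SYSCMD_PATH:
        return None
    # parse_qs percent-decodes, so "ls%3Bid" becomes "ls;id" before the check.
    cmds = parse_qs(parts.query, keep_blank_values=True).get(SYSCMD_PARAM, [])
    if m.group("method") == "POST":
        severity = "review"   # body not in access log: cannot inspect sysCmd
    elif any(SHELL_META.search(c) for c in cmds):
        severity = "high"     # metacharacters present: chained commands
    else:
        severity = "medium"   # any use of the command interface is notable
    return {"ip": m.group("ip"), "user": m.group("user"), "ts": m.group("ts"),
            "method": m.group("method"), "sysCmd": cmds, "severity": severity}


def scan(log_text):
    """Run classify() over every line and keep only the hits."""
    return [h for h in (classify(l) for l in log_text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit on this endpoint, even a "medium" one, deserves a look: the interface executes as root, so the only legitimate users should be administrators performing deliberate maintenance.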

EU & UK References

Vulnerability details

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.

CWE(s)

CWE-78: OS Command Injection

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Edimax EW-7438RPn Mini firmware, versions ≤ 1.13

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Managed runtime / sandboxing (addresses CWE-78): platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

- Input validation (addresses CWE-78): validates inputs to block special elements that would alter OS command execution.

References