Cyber Resilience

CVE-2025-34093

High · Public PoC · RCE

Published: 10 July 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 7.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.7210 (98.8th percentile)
Risk Priority: 58 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34093 is a high-severity OS Command Injection (CWE-78) vulnerability in Githubusercontent (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 1.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.

Attackers who can reach the Telnet service and satisfy any required authentication can supply malicious input to the traceroute command, resulting in arbitrary command execution as root. The vulnerability is tracked as CWE-78 with a CVSS 4.0 score of 7.5 reflecting network-accessible attack vectors and high impact on confidentiality, integrity, and availability.

Public exploit code for the issue has been available for years, including a Metasploit module and entries on Exploit-DB, along with prior technical analyses and an archived Polycom security advisory describing a hotfix release. The associated EPSS score has remained flat at its peak value of 0.7210 with no material increase after disclosure.

EU & UK References

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Githubusercontent
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References