CVE-2025-34103
Published: 15 July 2025
Summary
CVE-2025-34103 is a critical-severity OS Command Injection (CWE-78) vulnerability in Githubusercontent (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
An unauthenticated command injection vulnerability affects WePresent WiPG-1000 wireless presentation devices running firmware versions prior to 2.2.3.0. The flaw stems from improper input sanitization of the Client parameter in the undocumented /cgi-bin/rdfs.cgi endpoint, which is passed directly to a system call and enables arbitrary command execution as the web server user. The issue is tracked under CWE-78 and CWE-306 and carries a CVSS 4.0 score of 9.3.
An unauthenticated remote attacker can exploit the vulnerability over the network by sending a crafted HTTP request to the rdfs.cgi endpoint. Successful exploitation grants the attacker the ability to execute arbitrary operating system commands without authentication, potentially leading to full device compromise including configuration changes, data exfiltration, or use as a pivot point within the target network.
Public references, including a Redguard advisory and VulnCheck entry, identify the affected endpoint and confirm that the issue is resolved in firmware 2.2.3.0 and later. A Metasploit module and Exploit-DB entry further document the injection vector and provide proof-of-concept code for the unauthenticated command execution path.
The CVE maintains a high EPSS score of 0.7264 at both current and peak values, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21423
Vulnerability details
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated…
more
remote attacker to execute arbitrary commands as the web server user.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires established identification and authentication to unlock, mitigating missing authentication for continued system access.
Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.
Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.
Guarantees critical functions are protected by mandatory invocation of the access control mechanism.
Auditing sessions makes it possible to detect access to critical functions without required authentication.
The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.
Certification assesses that critical functions have required authentication controls in place.
Disabling non-essential functions and services eliminates the need to secure them, reducing exposure from missing authentication on unnecessary components.