Cyber Resilience

CVE-2025-34103

CriticalPublic PoCRCE

Published: 15 July 2025

Published
15 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.7264 98.8th percentile
Risk Priority 62 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34103 is a critical-severity OS Command Injection (CWE-78) vulnerability in Githubusercontent (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

An unauthenticated command injection vulnerability affects WePresent WiPG-1000 wireless presentation devices running firmware versions prior to 2.2.3.0. The flaw stems from improper input sanitization of the Client parameter in the undocumented /cgi-bin/rdfs.cgi endpoint, which is passed directly to a system call and enables arbitrary command execution as the web server user. The issue is tracked under CWE-78 and CWE-306 and carries a CVSS 4.0 score of 9.3.

An unauthenticated remote attacker can exploit the vulnerability over the network by sending a crafted HTTP request to the rdfs.cgi endpoint. Successful exploitation grants the attacker the ability to execute arbitrary operating system commands without authentication, potentially leading to full device compromise including configuration changes, data exfiltration, or use as a pivot point within the target network.

Public references, including a Redguard advisory and VulnCheck entry, identify the affected endpoint and confirm that the issue is resolved in firmware 2.2.3.0 and later. A Metasploit module and Exploit-DB entry further document the injection vector and provide proof-of-concept code for the unauthenticated command execution path.

The CVE maintains a high EPSS score of 0.7264 at both current and peak values, indicating sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated…

more

remote attacker to execute arbitrary commands as the web server user.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Githubusercontent
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-306

Requires established identification and authentication to unlock, mitigating missing authentication for continued system access.

addresses: CWE-306

Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.

addresses: CWE-306

Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.

addresses: CWE-306

Guarantees critical functions are protected by mandatory invocation of the access control mechanism.

addresses: CWE-306

Auditing sessions makes it possible to detect access to critical functions without required authentication.

addresses: CWE-306

The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.

addresses: CWE-306

Certification assesses that critical functions have required authentication controls in place.

addresses: CWE-306

Disabling non-essential functions and services eliminates the need to secure them, reducing exposure from missing authentication on unnecessary components.

References