CVE Alert

CVE-2025-2611

UNKNOWN 0.0

ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.

CWE: CWE-78
Vendor: ict innovations
Product: ictbroadcast
Published: Aug 5, 2025
Last Updated: Jun 23, 2026

Affected Versions

ICT Innovations / ICTBroadcast
0 ≤ 7.4

References

github.com: https://github.com/rapid7/metasploit-framework/pull/20446
vulncheck.com: https://www.vulncheck.com/blog/ictbroadcast-kev
vulncheck.com: https://www.vulncheck.com/advisories/ictbroadcast-unauthenticated-session-cookie-rce

Credits

Valentin Lobstein (Chocapikk)