CVE-2025-34082
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.
| CWE | CWE-78 |
| Vendor | igel technology gmbh |
| Product | os |
| Published | Jul 3, 2025 |
| Last Updated | May 14, 2026 |
Affected Versions
IGEL Technology GmbH / OS
11 < 11.04.270
10 < 10.06.220
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/misc/igel_command_injection.rb
kb.igel.com: https://kb.igel.com/security-safety/current/isn-2021-01-igel-os-remote-command-execution-vulne
igel.com: https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt
vulncheck.com: https://vulncheck.com/advisories/igel-os-secure-terminal-shadow-rce
Credits
Rob Vinson of NCC Group