CVE-2025-34115
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
| CWE | CWE-78 CWE-306 CWE-20 |
| Vendor | itrs group |
| Product | op5 monitor |
| Published | Jul 15, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for itrs group op5 monitor
Be the first to know when new unknown vulnerabilities affecting itrs group op5 monitor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
ITRS Group / OP5 Monitor
* โค 7.1.9
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/op5_config_exec.rb exploit-db.com: https://www.exploit-db.com/exploits/39676 itrsgroup.com: https://www.itrsgroup.com/products/network-monitoring-op5-monitor vulncheck.com: https://www.vulncheck.com/advisories/op5-monitor-authenticated-command-execution
Credits
hyp3rlinx