This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: ICTBroadcast < 7.4 has a critical flaw in session cookie handling.β¦
π‘οΈ **Root Cause**: **CWE-78** (OS Command Injection). The application unsafely passes session cookie data directly to shell processing without proper sanitization. π₯ This allows command injection.
Q3Who is affected? (Versions/Components)
π’ **Vendor**: ICT Innovations (Pakistan). π¦ **Product**: ICTBroadcast. π **Affected Versions**: **7.4 and earlier**. If you are on v7.4 or below, you are vulnerable.
Q4What can hackers do? (Privileges/Data)
π» **Privileges**: **Unauthenticated**. No login required. ποΈ **Impact**: Full **Remote Code Execution (RCE)**.β¦
β‘ **Threshold**: **LOW**. It is **Unauthenticated**. Attackers do not need valid credentials or specific configuration tweaks to exploit this. Just a vulnerable version is enough.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π₯ **Exploitation**: **YES**. Public PoC exists in Nuclei templates. π’ **Wild Exploitation**: Listed as a **KEV** (Known Exploited Vulnerability) by VulnCheck. Metasploit modules are also being developed. Act fast!
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Use **Nuclei** with the specific CVE-2025-2611 template. π‘ Scan for ICTBroadcast instances and check if the session cookie handling is vulnerable. Look for version 7.4 or lower.
π¨ **Urgency**: **CRITICAL**. This is an **Unauthenticated RCE** with **active exploitation** (KEV). πββοΈ Patch immediately. Do not wait. The risk of compromise is extremely high right now.