What is CVE-2025-34030?

CVE-2025-34030 is a vulnerability in Sar2html, classified under OS Command Injection. Published 2025-06-20.

Is CVE-2025-34030 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Sar2html

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.591 (99.0th percentile) — read the EPSS interpretation.

Affected products

Sar2html — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

github.com/cemtan/sar2html (product)
www.exploit-db.com/exploits/47204 (exploit)
www.fortiguard.com/encyclopedia/ips/48624 (third-party-advisory)
vulncheck.com/advisories/sar2html-command-injection (third-party-advisory)

Frequently asked questions

What is CVE-2025-34030?: CVE-2025-34030 is a vulnerability in Sar2html, classified under OS Command Injection. Published 2025-06-20.
Is CVE-2025-34030 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.