What is CVE-2025-34073?

CVE-2025-34073 is a vulnerability in Stamparm Maltrail, classified under OS Command Injection. Published 2025-07-02.

Is CVE-2025-34073 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Stamparm Maltrail

CVE-2025-34073

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoin…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.658 (98.5th percentile) — read the EPSS interpretation.

Affected products

Stamparm Maltrail — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
huntr.com/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87 (third-party-advisory, exploit)
github.com/stamparm/maltrail (product)
github.com/stamparm/maltrail/issues/19146 (issue-tracking)
vulncheck.com/advisories/stamparm-maltrail-rce (third-party-advisory)

Frequently asked questions

What is CVE-2025-34073?: CVE-2025-34073 is a vulnerability in Stamparm Maltrail, classified under OS Command Injection. Published 2025-07-02.
Is CVE-2025-34073 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.