What is CVE-2025-34079?

CVE-2025-34079 is a vulnerability in Nsclient++, classified under Code Injection. Published 2025-07-02.

Is CVE-2025-34079 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Nsclient++

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interfa…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.731 (98.8th percentile) — read the EPSS interpretation.

Affected products

Nsclient++ — versions 0.5.2.35

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/48360 (exploit)
vulncheck.com/advisories/nsclient-localtoremote-system-compromise (third-party-advisory)

Frequently asked questions

What is CVE-2025-34079?: CVE-2025-34079 is a vulnerability in Nsclient++, classified under Code Injection. Published 2025-07-02.
Is CVE-2025-34079 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.