What is CVE-2025-34088?

CVE-2025-34088 is a vulnerability in Artica St Pandora Fms, classified under OS Command Injection. Published 2025-07-03.

Is CVE-2025-34088 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Artica St Pandora Fms

CVE-2025-34088

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.741 (98.9th percentile) — read the EPSS interpretation.

Affected products

Artica St Pandora Fms — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/48334 (exploit)
www.rapid7.com/db/modules/exploit/linux/http/pandora_ping_cmd_exec/ (third-party-advisory)
github.com/pandorafms/pandorafms (product)
vulncheck.com/advisories/pandora-fms-rce-via-ping (third-party-advisory)

Frequently asked questions

What is CVE-2025-34088?: CVE-2025-34088 is a vulnerability in Artica St Pandora Fms, classified under OS Command Injection. Published 2025-07-03.
Is CVE-2025-34088 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.