RCE in Polycom HDX Series

CVE-2025-34093

An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute ar…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.721 (98.8th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-34093?
CVE-2025-34093 is a vulnerability in Polycom HDX Series, classified under OS Command Injection. Published 2025-07-10.
Is CVE-2025-34093 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.