CRITICAL🇵🇱 Wersja polska

CVE-2025-34112

CVSS 10.0v4.0pub. 2025-07-15upd. 2026-04-15

An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.

🤖 AI Analysis
How it works

The attacker first exploits an SQL injection vulnerability in the '/api/common/1.0/login' endpoint to inject a database query and create a new user account. Then, using this account, the attacker triggers a command injection vulnerability in the '/index.php?page=licenses' endpoint, which allows execution of arbitrary system commands. In the final stage, the attacker escalates privileges to root level by exploiting misconfigured sudoers — the 'mazu' user can execute any commands as root through SSH key extraction and command chaining.

Impact

Successful exploitation allows an attacker to gain full remote access to the virtual appliance with root privileges, meaning complete system takeover, ability to read and modify data, and further lateral movement within the network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is recommended to check for updates on the Riverbed support portal at the address indicated in the references and, until the patch is installed, restrict network access to vulnerable endpoints using a firewall or network segmentation.

Who is affected

Riverbed SteelCentral NetProfiler and NetExpress version 10.8.7 (virtual appliances)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLiLPECommand Injection
CWE
References