VYPR
Critical severityNVD Advisory· Published Jul 2, 2025· Updated Apr 15, 2026

CVE-2025-34073

CVE-2025-34073

Description

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input passed to subprocess.check_output() in core/http.py, allowing injection of shell metacharacters. Exploitation does not require authentication and commands are executed with the privileges of the Maltrail process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Stamparm/Maltrailreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=0.54

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.