logo_clicknbuy.png

CVE-2025-34112 – Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

The following table lists the changes that have been made to the
CVE-2025-34112 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Jul. 15, 2025

    Action Type Old Value New Value
    Added Description An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the ‘/api/common/1.0/login’ endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the ‘/index.php?page=licenses’ endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the ‘mazu’ user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-78
    Added CWE CWE-89
    Added CWE CWE-306
    Added CWE CWE-266
    Added Reference https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
    Added Reference https://support.riverbed.com/content/support/software/steelcentral-npm/net-profiler.html
    Added Reference https://www.exploit-db.com/exploits/40108
    Added Reference https://www.vulncheck.com/advisories/riverbed-steel-central-net-profiler-net-express-rce
Share the Post:

Related Posts