PT-2025-29554 · Riverbed Technology · Riverbed Steelcentral Netprofiler+1
Francesco Oddo
·
Published
2025-07-15
·
Updated
2025-07-15
·
CVE-2025-34112
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Riverbed SteelCentral NetProfiler and NetExpress version 10.8.7
Description
An authenticated multi-stage remote code execution issue exists. A SQL injection vulnerability in the
/api/common/1.0/login endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the /index.php?page=licenses endpoint to execute arbitrary commands. An insecure sudoers configuration allows the mazu user to execute arbitrary commands as root via SSH key extraction and command chaining, potentially leading to full remote root access to the virtual appliance.Recommendations
Apply mitigations to prevent SQL injection in the
/api/common/1.0/login endpoint.
Address the command injection vulnerability in the /index.php?page=licenses endpoint.
Secure the sudoers configuration to prevent the mazu user from executing arbitrary commands as root.Exploit
Fix
LPE
RCE
Missing Authentication
Incorrect Privilege Assignment
SQL injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Riverbed Steelcentral Netexpress
Riverbed Steelcentral Netprofiler