Platform: php
Component: va-max
Fixed in: 8.3.5
CVE-2019-25671 describes a remote code execution (RCE) vulnerability present in VA MAX version 8.3.4. An authenticated attacker can exploit this flaw by injecting shell metacharacters into the mtu_eth0 parameter within the changeip.php endpoint, allowing them to execute arbitrary commands on the system. This vulnerability poses a significant risk to systems running affected versions of VA MAX, and a patch is required to remediate the issue.
An attacker exploiting CVE-2019-25671 can gain complete control over the VA MAX server. By injecting shell metacharacters into the mtu_eth0 parameter of the changeip.php endpoint, they can execute arbitrary commands with the privileges of the Apache user. This could involve installing malware, stealing sensitive data, modifying system configurations, or pivoting to other systems on the network. The blast radius extends to any data accessible by the Apache user, potentially including configuration files, user credentials, and application data. This vulnerability shares similarities with other command injection flaws where improper input sanitization allows attackers to execute arbitrary code.
CVE-2019-25671 was published on 2026-04-05. The vulnerability is considered to have a medium exploitation probability based on the requirement for authentication. Public proof-of-concept exploits are likely to emerge given the relatively straightforward nature of the command injection flaw. Check CISA and vendor advisories for updates on active exploitation campaigns.
Organizations running VA MAX 8.3.4, particularly those with publicly accessible instances or those that have not implemented robust input validation, are at significant risk. Shared hosting environments where multiple users share the same VA MAX instance are also particularly vulnerable, as a compromise of one user's account could lead to a broader system compromise.
• php: Examine access logs for POST requests to changeip.php containing suspicious characters (;, |, &, etc.) in the mtu_eth0 parameter.
• generic web: Use curl to test the changeip.php endpoint with a simple malicious payload (e.g., curl 'changeip.php?mtu_eth0=; whoami').
• linux / server: Monitor the Apache user's process list (ps -u apache) for unexpected or malicious processes.
• linux / server: Review system logs (/var/log/syslog or equivalent) for errors or unusual activity related to the changeip.php script.
EPSS: 0.41% (61st percentile)
The primary mitigation for CVE-2019-25671 is to upgrade VA MAX to a patched version. If upgrading immediately is not possible, consider implementing temporary workarounds. Input validation on the mtu_eth0 parameter within the changeip.php endpoint is crucial. Web Application Firewalls (WAFs) configured to detect and block shell metacharacter injection attempts can provide an additional layer of defense. Monitor Apache user activity for suspicious commands. After upgrading, confirm the vulnerability is resolved by attempting a controlled injection of a benign command via the changeip.php endpoint and verifying that it is not executed.
Upgrade to a fixed version of VA MAX that addresses the remote code execution vulnerability. Check the vendor's documentation for specific upgrade instructions. As a temporary measure, restrict access to the changeip.php file and strictly validate the input to the mtu_eth0 parameter.
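The access-log review and the mtu_eth0 input validation described above, combined in one added example (not VA MAX code or vendor tooling): it decodes the parameter from Apache combined-format log lines and flags any value that is not a plain integer, instead of searching for individual metacharacters. The log lines are constructed, and the 68-9000 MTU range and the query-string placement of the parameter are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - admin [05/Apr/2026:10:01:02 +0000] "POST /changeip.php?mtu_eth0=1500 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - admin [05/Apr/2026:10:03:44 +0000] "POST /changeip.php?mtu_eth0=1500%3B%20whoami HTTP/1.1" 200 498 "-" "curl/8.0"',
    '10.0.0.9 - admin [05/Apr/2026:10:04:10 +0000] "GET /changeip.php?mtu_eth0=1500%7Cwhoami HTTP/1.1" 200 498 "-" "curl/8.0"',
    '10.0.0.7 - - [05/Apr/2026:10:05:00 +0000] "GET /index.php?page=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# client, identd, user, [timestamp], "METHOD target protocol"
REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*"')

MTU_MIN, MTU_MAX = 68, 9000  # assumed valid range; adjust to the appliance


def mtu_is_valid(value):
    """Allowlist check: a bare ASCII decimal integer within the assumed range.

    fullmatch() rejects trailing newlines and any other extra character, so
    encoded separators, pipes, quotes and whitespace all fail the same test.
    """
    if re.fullmatch(r"[0-9]{2,4}", value) is None:
        return False
    return MTU_MIN <= int(value) <= MTU_MAX


def suspicious_requests(lines):
    """Return (client, user, method, decoded_value) for every changeip.php
    request whose mtu_eth0 value fails the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, user, method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/changeip.php"):
            continue
        # parse_qs percent-decodes, so %3B, %7C, %0A etc. are seen in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get("mtu_eth0", []):
            if not mtu_is_valid(value):
                hits.append((client, user, method, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("flagged:", hit)
```

Default access logs record only the request line, so values sent in a POST body are visible only where body logging is enabled; mtu_is_valid can be applied to those captured values in the same way.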
CVE-2019-25671 is a remote code execution vulnerability in VA MAX version 8.3.4 that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters.
If you are running VA MAX version 8.3.4, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of VA MAX. If upgrading is not immediately possible, implement input validation and WAF rules as temporary mitigations.
While there is no confirmed widespread exploitation, the vulnerability's nature and the time elapsed since publication suggest that exploitation is possible and should be considered a risk.
Refer to the VA MAX website or security mailing lists for the official advisory related to CVE-2019-25671.