QwikSec

Security Database

CVE

CWE

Training

CVE-2025-2611

Published: Aug 5, 2025

Modified: Nov 4, 2025

PUBLISHED

Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.

Vendor	Product	Versions
ICT Innovations	ICTBroadcast	affected `0 - <= 7.4`

Weaknesses (CWE)

References

https://github.com/rapid7/metasploit-framework/pull/20446

exploit

https://www.vulncheck.com/blog/ictbroadcast-kev

technical-description

exploit

https://www.vulncheck.com/advisories/ictbroadcast-unauthenticated-session-cookie-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.