Security Advisory

CVE-2025-2611

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-05 15:00:32
Last updated 2026-06-23 16:13:23
Assigner VulnCheck
State PUBLISHED

Description

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.