ICTBroadcast actively exploited unauthenticated command-injection flaw (CVE-2025-2611)

Vulnerability
Happening score (H score): 48
1 unique source, 1 article

Summary

Researchers confirmed active exploitation of CVE-2025-2611 in ICTBroadcast, exposing vulnerable servers to unauthenticated remote code execution. The flaw affects versions 7.4 and below and stems from unsafe handling of session cookie data in shell processing. Observed attacks began on October 11 and used the BROADCAST cookie to probe command execution before attempting reverse shells. VulnCheck said roughly 200 online instances are exposed, while patch status remains unknown.

Related Happenings

Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave

Exploitation Wave
First: 26.03.2026 18:00 Last: 26.03.2026 18:00 Sources 1

About this happening: **Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
First: 12.02.2026 23:34 Last: 12.02.2026 23:34 Sources 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

HPE OneView RondoDox exploitation wave (CVE-2025-37164)

Exploitation Wave
First: 16.01.2026 11:15 Last: 16.01.2026 11:15 Sources 1

About this happening: **RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...

ICTBroadcast exposed-server exploitation wave

Exploitation Wave
First: 15.10.2025 09:16 Last: 15.10.2025 09:16 Sources 1

How related: The cybersecurity firm said that it detected in-the-wild exploitation on October 11, with the attacks occurring in two phases, starting with a time-based exploit check followed by attempts to set up reverse shells.

About this happening: **Approximately 200 exposed ICTBroadcast instances** are facing **active exploitation**, with attackers using a **two-phase** sequence that first tests command execution and then...

Erlang/OTP SSH CVE-2025-32433 exploitation wave

Exploitation Wave
First: 11.08.2025 18:08 Last: 11.08.2025 18:08 Sources 1

About this happening: **CVE-2025-32433** is being exploited in **short, high-intensity bursts** against **Erlang/OTP SSH** servers, creating immediate risk for **exposed systems** and **OT networks**....

Timeline

  1. 15.10.2025 09:16 2 articles · 7mo ago

    Active exploitation of ICTBroadcast via the BROADCAST cookie

    Exploitation Observed

    Unknown threat actors exploited CVE-2025-2611 in ICTBroadcast by sending specially crafted HTTP requests that injected shell commands into the BROADCAST cookie, starting with a time-based exploit check and then attempts to set up reverse shells against vulnerable servers.

  2. 15.10.2025 09:16 1 article · 7mo ago

    Researchers disclose active exploitation of ICTBroadcast flaw CVE-2025-2611

    Initial Disclosure

    Cybersecurity researchers disclosed that CVE-2025-2611 affects ICTBroadcast from ICT Innovations, enables unauthenticated remote code execution through unsafe session-cookie handling in the BROADCAST cookie, and impacts versions 7.4 and below.