Description
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
Published: 2025-07-15
Score: 8.7 High
EPSS: 52.6% High
KEV: No
Impact: Authenticated command execution
Action: Patch immediately
AI Analysis

Impact

OP5 Monitor versions up to 7.1.9 contain an authenticated command injection flaw in the command_test.php endpoint. The vulnerability is triggered by supplying arbitrary input to the cmd_str parameter while using the Test this command feature. An attacker who has valid login credentials and access to the web interface can run any shell command as the web application user, which can lead to remote code execution with the privileges of that user.

Affected Systems

The affected product is OP5 Monitor from the ITRS Group, specifically versions 7.1.9 and all earlier releases. The issue was fixed starting with version 7.2.0.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is considered high severity. The EPSS score of 53% indicates a significant likelihood that exploitation attempts could occur in the near term. The vulnerability is not listed in CISA’s KEV catalog, but it requires authentication to the web interface and legitimate access to the command_test feature, which limits the attack scope to environments where an attacker can obtain credentials or compromise a user who has those permissions. Overall, the risk is elevated due to the high exploitation probability and the potential for arbitrary code execution on the monitored systems.

Generated by OpenCVE AI on April 28, 2026 at 01:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OP5 Monitor to version 7.2.0 or later to remove the vulnerability.
  • If upgrading is not possible, disable or remove the command_test.php functionality from the web interface.
  • Restrict web UI access to trusted users only and enforce strong authentication to limit the set of accounts that can reach the vulnerable endpoint.

Generated by OpenCVE AI on April 28, 2026 at 01:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21432 An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
History

Thu, 05 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Op5
Op5 monitor
CPEs cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
Vendors & Products Op5
Op5 monitor

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00553}

Tue, 15 Jul 2025 14:30:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 15 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 13:15:00 +0000

Type Values Removed Values Added
Description An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
Title OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
Weaknesses CWE-20
CWE-306
CWE-78
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Op5 Monitor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:40.057Z

Reserved: 2025-04-15T19:15:22.560Z

Link: CVE-2025-34115

cve-icon Vulnrichment

Updated: 2025-07-15T13:39:47.415Z

cve-icon NVD

Status : Deferred

Published: 2025-07-15T13:15:31.437

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34115

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:15:15Z

Weaknesses