Is CVE-2025-34037 in the CISA KEV catalog?

No. CVE-2025-34037 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the EPSS score for CVE-2025-34037?

CVE-2025-34037 has an EPSS score of 85.37% (100th percentile), estimating the probability of exploitation in the next 30 days.

CVE & CISA-KEV Catalog

CVE-2025-34037

UNSCOREDEPSS 100th pctl

NVD

Description

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.

CWE-78OS Command Injection

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

85.37%probability of exploitation in 30 days

100thpercentile

Very high risk: more likely to be exploited than 100% of all known CVEs.

References

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-20.