automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -75362,6 +75362,63 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/ictbroadcast_unauth_cookie": {
+    "name": "ICTBroadcast Unauthenticated Remote Code Execution",
+    "fullname": "exploit/linux/http/ictbroadcast_unauth_cookie",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-03-19",
+    "type": "exploit",
+    "author": [
+      "Valentin Lobstein"
+    ],
+    "description": "This module exploits an unauthenticated remote code execution (RCE) vulnerability\n          in ICTBroadcast. The vulnerability exists in the way session cookies are handled\n          and processed, allowing an attacker to inject arbitrary system commands.",
+    "references": [
+      "URL-https://www.ictbroadcast.com/",
+      "CVE-2025-2611"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix/Linux Command Shell"
+    ],
+    "mod_time": "2025-08-04 17:53:29 +0000",
+    "path": "/modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/ictbroadcast_unauth_cookie",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/imperva_securesphere_exec": {
     "name": "Imperva SecureSphere PWS Command Injection",
     "fullname": "exploit/linux/http/imperva_securesphere_exec",