Linuxki - RCE (CVE-2020-7209)
186Exploiting IPs reported
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2.
CrowdSec analysis
CVE-2020-7209 is a critical remote code execution vulnerability affecting LinuxKI, allowing attackers to execute arbitrary commands via crafted requests to a diagnostic interface.
CrowdSec has been tracking this vulnerability and its exploits since 27th of May 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2020-7209 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2020-7209. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.
Observed exploitation attempts are focused on URLs containing /linuxki/experimental/vis/kivis.php.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.