Linuxki - RCE (CVE-2020-7209)
182Exploiting IPs reported
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2.
CrowdSec analysis
CVE-2020-7209 is a critical remote code execution vulnerability affecting LinuxKI, allowing attackers to execute arbitrary commands via crafted requests to a diagnostic interface.
CrowdSec has been tracking this vulnerability and its exploits since 27th of May 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2020-7209 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. In addition, according to the CrowdSec network, attack volume against CVE-2020-7209 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Observed exploitation attempts are focused on URLs containing /linuxki/experimental/vis/kivis.php.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.