LinuxKI - RCE (CVE-2020-7209)
192 Exploiting IPs reported
LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2.
CrowdSec analysis
CVE-2020-7209 is a critical remote code execution vulnerability affecting LinuxKI, allowing attackers to execute arbitrary commands via crafted requests to a diagnostic interface.
CrowdSec has been tracking this vulnerability and its exploits since 27th of May 2025.
CrowdSec network observations suggest that most exploitation of CVE-2020-7209 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2020-7209 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2020-7209 continues to be an active part of the threat landscape and will likely remain this way for the foreseeable future.
Observed exploitation attempts are focused on URLs containing /linuxki/experimental/vis/kivis.php.
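To check your own web server logs for the request path named above, the following added example (not CrowdSec's detection rule or code from the page) scans access-log lines for it after decoding and normalising each URI. The combined log format, the sample lines and the reading of a 2xx status as "the endpoint exists on this host" are assumptions of this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Path quoted on the page; the log format and sample lines are assumptions.
TARGET = "/linuxki/experimental/vis/kivis.php"

# Common/combined access-log layout: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

def normalize_path(uri):
    """Decode and canonicalise the path so encoded or padded variants match."""
    path = uri.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):                      # peel nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", "/" + path.replace("\\", "/"))
    return posixpath.normpath(path).lower()  # resolve ./ and ../, fold case

def scan(lines):
    """Map each client IP to the status codes of its requests for TARGET."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m and TARGET in normalize_path(m["uri"]):
            hits.setdefault(m["ip"], []).append(int(m["status"]))
    return hits

def answered(hits):
    """IPs that got a 2xx reply: the endpoint exists here, so triage first."""
    return sorted(ip for ip, codes in hits.items() if any(200 <= c < 300 for c in codes))

# Constructed sample lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2025:10:00:01 +0000] "GET /linuxki/experimental/vis/kivis.php HTTP/1.1" 404 153',
    '192.0.2.10 - - [27/May/2025:10:00:02 +0000] "GET /LinuxKI//experimental/./vis/kivis.php?x=1 HTTP/1.1" 404 153',
    '198.51.100.7 - - [27/May/2025:10:05:00 +0000] "GET /linuxki/experimental/vis/%6bivis.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/May/2025:10:06:00 +0000] "GET /docs/kivis.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, codes in found.items():
        print(ip, codes)
    print("answered with 2xx:", answered(found))
```

A host that only ever returns 404 for this path is being probed; a host that returns 2xx is serving the LinuxKI interface and should be checked against the fixed release 6.0-2.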
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.