It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.