CVE-2025-34318

MEDIUM EPSS 37.8%

Published Oct 28, 20258mo ago · Modified Jun 17, 20261w ago

5.1 CVSS 4.0

Medium

Published Oct 28, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD parameters when adding a new DNS entry. When a user adds a DNS entry, the application issues an HTTP POST request to /cgi-bin/dns.cgi and these values are provided in the corresponding parameters. The values are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected DNS configuration.

CVSS Details

Base Score

5.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

37.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

References 3

bugzilla.ipfire.org https://bugzilla.ipfire.org/show_bug.cgi?id=13893
ipfire.org https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released
vulncheck.com https://www.vulncheck.com/advisories/ipfire-stored-xss-via-dns-creation-proxy-cgi

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.