CVE-2025-34116
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IPFire Project | IPFire | 0 < 2.19 Core Update 101 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-20: CWE-20 Improper Input Validation
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.ipfire.org/news/ipfire-2-19-core-update-101-released
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb
- https://www.exploit-db.com/exploits/39765
- https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/
- https://bugzilla.ipfire.org/show_bug.cgi?id=11087
- https://www.vulncheck.com/advisories/ipfire-authenticated-rce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.