CVE-2025-34305
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-34305, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-28

Last updated on: 2025-11-03

Assigner: VulnCheck

Description

IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - for example, POST /cgi-bin/wakeonlan.cgi (CLIENT_COMMENT), /cgi-bin/dhcp.cgi (ADVOPT_DATA, FIX_REMARK, FIX_FILENAME, FIX_ROOTPATH), /cgi-bin/connscheduler.cgi (ACTION_COMMENT), /cgi-bin/dnsforward.cgi (REMARK), /cgi-bin/vpnmain.cgi (REMARK), or /cgi-bin/dns.cgi (REMARK) - the application calls escape() and HTML::Entities::encode_entities() but never assigns the sanitized result back to the output variable. The original unsanitized value is therefore stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected entries.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-28
Last Modified
2025-11-03
Generated
2026-07-06
AI Q&A
2025-10-28
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 16 associated CPEs
Vendor Product Version / Range
ipfire ipfire to 2.29 (exc)
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can allow attackers to inject malicious scripts that execute in the context of other users who view the affected entries. This can lead to unauthorized actions, theft of session tokens, or other malicious activities within the web interface, potentially compromising user accounts or the system.

Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in IPFire versions prior to 2.29 (Core Update 198). It occurs because the cleanhtml() function fails to properly encode user input before storing it. When authenticated users submit data to certain endpoints, the application attempts to sanitize the input but does not save the sanitized version. As a result, malicious scripts can be stored and later executed in the web interface when other users view the affected entries.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart