CVE-2025-34305
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-11-03

Assigner: VulnCheck

Description
IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - for example, POST /cgi-bin/wakeonlan.cgi (CLIENT_COMMENT), /cgi-bin/dhcp.cgi (ADVOPT_DATA, FIX_REMARK, FIX_FILENAME, FIX_ROOTPATH), /cgi-bin/connscheduler.cgi (ACTION_COMMENT), /cgi-bin/dnsforward.cgi (REMARK), /cgi-bin/vpnmain.cgi (REMARK), or /cgi-bin/dns.cgi (REMARK) - the application calls escape() and HTML::Entities::encode_entities() but never assigns the sanitized result back to the output variable. The original unsanitized value is therefore stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected entries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34305
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
ipfire ipfire to 2.29 (exc)
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow attackers to inject malicious scripts that execute in the context of other users who view the affected entries. This can lead to unauthorized actions, theft of session tokens, or other malicious activities within the web interface, potentially compromising user accounts or the system.

Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in IPFire versions prior to 2.29 (Core Update 198). It occurs because the cleanhtml() function fails to properly encode user input before storing it. When authenticated users submit data to certain endpoints, the application attempts to sanitize the input but does not save the sanitized version. As a result, malicious scripts can be stored and later executed in the web interface when other users view the affected entries.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart