CVE-2025-34316
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-11-03

Assigner: VulnCheck

Description
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail server settings. When a user updates the mail server, the application issues an HTTP POST request to /cgi-bin/mail.cgi and the username and password are provided in the txt_mailuser and txt_mailpass parameters. The values of these parameters are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected mail configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34316
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
ipfire ipfire to 2.29 (exc)
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
ipfire ipfire 2.29
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in IPFire versions prior to 2.29 (Core Update 198). An authenticated attacker can inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating mail server settings. These parameters are stored and later displayed in the web interface without proper sanitization, causing the injected scripts to execute in the context of other users who view the affected mail configuration.

Impact Analysis

The vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of other users viewing the mail server configuration. This can lead to session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information accessible through the web interface.

Detection Guidance

You can detect this vulnerability by monitoring HTTP POST requests to /cgi-bin/mail.cgi and inspecting the txt_mailuser and txt_mailpass parameters for suspicious or unexpected JavaScript code. Since the vulnerability involves stored XSS via these parameters, reviewing the mail server settings update requests for injected scripts can help identify exploitation attempts. Specific commands are not provided in the available information.

Mitigation Strategies

Immediate mitigation steps include avoiding updating mail server settings through the vulnerable interface until a patch or update is applied. Restrict access to the mail server settings page to trusted users only, and monitor for suspicious activity related to the txt_mailuser and txt_mailpass parameters. Applying the latest IPFire update (version 2.29 Core Update 198 or later) once available will resolve the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34316. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart