Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Published

2025-07-15T13:15:32.493

Last Modified

2025-07-15T20:07:28.023

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-20
CWE-78
CWE-306

Affected Vendors & Products

References

https://bugzilla.ipfire.org/show_bug.cgi?id=11087 ([email protected])
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb ([email protected])
https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/ ([email protected])
https://www.exploit-db.com/exploits/39765 ([email protected])
https://www.ipfire.org/news/ipfire-2-19-core-update-101-released ([email protected])
https://www.vulncheck.com/advisories/ipfire-authenticated-rce ([email protected])