CVE-2025-34116 | THREATINT

Description

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-15 | Updated 2026-05-15 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

Any version before 2.19 Core Update 101

affected

Credits

Yann Cam finder

References

www.ipfire.org/news/ipfire-2-19-core-update-101-released vendor-advisory patch

raw.githubusercontent.com/...linux/http/ipfire_proxy_exec.rb exploit

www.exploit-db.com/exploits/39765 exploit

www.asafety.fr/...-core-update-101-remote-command-execution/ third-party-advisory technical-description

bugzilla.ipfire.org/show_bug.cgi?id=11087 issue-tracking

www.vulncheck.com/advisories/ipfire-authenticated-rce third-party-advisory

cve.org (CVE-2025-34116)

nvd.nist.gov (CVE-2025-34116)

Download JSON

help @ threatint.eu