We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34116

IPFire < 2.19 Core Update 101 proxy.cgi RCE



Description

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Reserved 2025-04-15 | Published 2025-07-15 | Updated 2025-07-15 | Assigner VulnCheck


HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

* before 2.19 Core Update 101
affected

Credits

Yann Cam finder

References

www.ipfire.org/news/ipfire-2-19-core-update-101-released vendor-advisory patch

raw.githubusercontent.com/...linux/http/ipfire_proxy_exec.rb exploit

www.exploit-db.com/exploits/39765 exploit

www.asafety.fr/...-core-update-101-remote-command-execution/ third-party-advisory technical-description

bugzilla.ipfire.org/show_bug.cgi?id=11087 issue-tracking

www.vulncheck.com/advisories/ipfire-authenticated-rce third-party-advisory

cve.org (CVE-2025-34116)

nvd.nist.gov (CVE-2025-34116)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34116

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.