CNNVD-202509-1164 Information
CNNVD ID
CNNVD-202509-1164
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
Netgate pfSense CE是Netgate公司的一个基于FreeBSD的开源防火墙与路由平台,支持企业级网络安全与网络管理功能。 Netgate pfSense CE存在安全漏洞,该漏洞源于iplist参数未清理目录遍历字符,可能导致文件枚举。
Description (English)
Netgate pfSense CE, an open-source firewall and route platform based on FreeBSD for Netgate, supports enterprise-level network security and network management functions. There is a security loophole in Netgate pfSense CE, which originates from iplist parameters that do not clean up the directory through the characters, which may lead to the listing of files.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
NETGATE
Published
2025-09-09
Last Modified
2026-02-24
References
https://redmine.pfsense.org/issues/16414 https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4 https://vigilance.fr/vulnerability/pfSense-CE-four-vulnerabilities-dated-10-09-2025-48193 https://access.redhat.com/security/cve/cve-2025-34176
Patch
https://www.pfsense.org/download/
Share on: