CNNVD-202509-1202 Information
CNNVD ID
CNNVD-202509-1202
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
Netgate pfSense CE是Netgate公司的一个基于FreeBSD的开源防火墙与路由平台,支持企业级网络安全与网络管理功能。 Netgate pfSense CE存在安全漏洞,该漏洞源于iplist参数未清理目录遍历字符,可能导致文件枚举。
Description (English)
Netgate pfSense CE, an open-source firewall and route platform based on FreeBSD for Netgate, supports enterprise-level network security and network management functions. There is a security loophole in Netgate pfSense CE, which originates from iplist parameters that do not clean up the directory through the characters, which may lead to the listing of files.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
NETGATE
Published
2025-09-09
Last Modified
2026-02-24
References
https://redmine.pfsense.org/issues/16412 https://github.com/pfsense/FreeBSD-ports/commit/d6f462bcc446969f8955c16cfde300d5c9ab7435 https://access.redhat.com/security/cve/cve-2025-34173 https://vigilance.fr/vulnerability/pfSense-CE-directory-traversal-via-snort-ip-reputation-php-48191
Patch
https://www.pfsense.org/download/
Share on: