CNNVD-202510-3810 Information

Oct 28, 2025 cve

CNNVD ID

CNNVD-202510-3810

CVE-2025-34318

CNNVD Published: 2025-10-28

Description (Chinese)

IPFire是IPFire组织的一种开源 Linux 发行版。主要用作路由器和防火墙。 IPFire 2.29之前版本存在安全漏洞，该漏洞源于对TLS_HOSTNAME、UPSTREAM_USER、UPSTREAM_PASSWORD、ADMIN_MAIL_ADDRESS和ADMIN_PASSWORD参数清理和转义不足，可能导致存储型跨站脚本攻击。

Description (English)

IPFire is an open source for the organization Linux. Mainly used as routers and firewalls. The previous version of IPFire 2.29 had a security loophole, which originated from inadequate clean-up and conversion of parameters of TLS HOSTNAME, UPSTREAM USER, UPSTREAM PASSWORD, ADMIN MAIL ADDRESS and ADMIN PASSWORD, which could lead to storage-type cross-station script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

IPFire

Published

2025-10-28

Last Modified

2026-02-24

References

https://bugzilla.ipfire.org/show_bug.cgi?id=13893 https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released https://www.vulncheck.com/advisories/ipfire-stored-xss-via-dns-creation-proxy-cgi https://access.redhat.com/security/cve/cve-2025-34318

Patch

https://www.ipfire.org/downloads/ipfire-2.29-core198

Share on: