Vulnerabilities

CVE-2025-34177

by Fred · 09/09/2025

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least “WebCfg – Services: suricata package” permissions.

More information : https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4

Similar

Tags: Cybersecurity Alert