Vulnerabilities

CVE-2025-34116

by Fred · 15/07/2025

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the ‘proxy.cgi’ CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Assigner : disclosure@vulncheck.com

More information : https://bugzilla.ipfire.org/show_bug.cgi?id=11087

Similar

Tags: Cybersecurity Alert