CVE-2025-34116

{"id": "CVE-2025-34116", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-15T13:15:32.493", "references": [{"url": "https://bugzilla.ipfire.org/show_bug.cgi?id=11087", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/39765", "source": "disclosure@vulncheck.com"}, {"url": "https://www.ipfire.org/news/ipfire-2-19-core-update-101-released", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/ipfire-authenticated-rce", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de comandos en IPFire anterior a la versi\u00f3n 2.19 Core Update 101 a trav\u00e9s de la interfaz CGI \u00abproxy.cgi\u00bb. Un atacante autenticado puede inyectar comandos de shell arbitrarios mediante valores manipulados en los campos del formulario de creaci\u00f3n de usuarios de NCSA, lo que provoca la ejecuci\u00f3n de comandos con privilegios de servidor web."}], "lastModified": "2025-07-15T20:07:28.023", "sourceIdentifier": "disclosure@vulncheck.com"}