CVE-2025-34312

Опубликовано: 28 окт. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST to /cgi-bin/urlfilter.cgi and interpolates the value of BE_NAME directly into a shell invocation without appropriate sanitation. Crafted input can inject shell metacharacters, leading to arbitrary command execution in the context of the 'nobody' user.

Ссылки

https://bugzilla.ipfire.org/show_bug.cgi?id=13887
Issue Tracking
Third Party Advisory
https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released
Release Notes
https://www.vulncheck.com/advisories/ipfire-command-injection-via-url-filter-blacklist
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ipfire:ipfire:*:*:*:*:*:*:*:*

Версия до 2.29 (исключая)

cpe:2.3:a:ipfire:ipfire:2.29:core_update183:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update184:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update185:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update186:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update187:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update188:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update189:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update190:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update191:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update192:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update193:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update194:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update195:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update196:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.29:core_update197:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00408

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-32xv-355r-2ff6