IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/logs.cgi/ovpnclients.dat and inserts the value of the CONNECTION_NAME parameter directly into the WHERE clause without proper sanitization or parameterization. The unsanitized value can alter the executed query and be used to disclose sensitive information from the database.
| Software | From | Fixed in |
|---|---|---|
| ipfire / ipfire | - | 2.29 |
| ipfire / ipfire | 2.29-core_update183 | 2.29-core_update183.x |
| ipfire / ipfire | 2.29-core_update184 | 2.29-core_update184.x |
| ipfire / ipfire | 2.29-core_update185 | 2.29-core_update185.x |
| ipfire / ipfire | 2.29-core_update186 | 2.29-core_update186.x |
| ipfire / ipfire | 2.29-core_update187 | 2.29-core_update187.x |
| ipfire / ipfire | 2.29-core_update188 | 2.29-core_update188.x |
| ipfire / ipfire | 2.29-core_update189 | 2.29-core_update189.x |
| ipfire / ipfire | 2.29-core_update190 | 2.29-core_update190.x |
| ipfire / ipfire | 2.29-core_update191 | 2.29-core_update191.x |
| ipfire / ipfire | 2.29-core_update192 | 2.29-core_update192.x |
| ipfire / ipfire | 2.29-core_update193 | 2.29-core_update193.x |
| ipfire / ipfire | 2.29-core_update194 | 2.29-core_update194.x |
| ipfire / ipfire | 2.29-core_update195 | 2.29-core_update195.x |
| ipfire / ipfire | 2.29-core_update196 | 2.29-core_update196.x |
| ipfire / ipfire | 2.29-core_update197 | 2.29-core_update197.x |
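
The flaw described above, value concatenated into the WHERE clause versus bound as a parameter, shown as an added example that is not IPFire's own code. It uses Python's `sqlite3` module; the `sessions` table, its columns, the function names and the sample rows are constructed assumptions, not IPFire's schema.

```python
import sqlite3


def make_db():
    """Constructed stand-in for an OpenVPN connection log (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (common_name TEXT, connected_at TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?)", [
        ("alice-laptop", "2025-01-10 08:00:00"),
        ("bob-phone", "2025-01-10 09:30:00"),
        ("alice-laptop", "2025-01-11 08:05:00"),
    ])
    return db


def sessions_concatenated(db, connection_name):
    """Flawed pattern: the request value becomes part of the SQL text."""
    sql = ("SELECT common_name, connected_at FROM sessions "
           "WHERE common_name = '" + connection_name + "' "
           "ORDER BY connected_at")
    return db.execute(sql).fetchall()


def sessions_bound(db, connection_name):
    """Corrected pattern: the value is bound and never parsed as SQL."""
    sql = ("SELECT common_name, connected_at FROM sessions "
           "WHERE common_name = ? ORDER BY connected_at")
    return db.execute(sql, (connection_name,)).fetchall()


def quote_breaks_concatenation(db, connection_name):
    """True if a value containing a quote makes the concatenated query fail."""
    try:
        sessions_concatenated(db, connection_name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value that rewrites the WHERE clause
    print("concatenated:", len(sessions_concatenated(db, crafted)), "rows")
    print("bound:       ", len(sessions_bound(db, crafted)), "rows")
    print("quote breaks concatenation:", quote_breaks_concatenation(db, "o'brien"))
```

With the bound query, the crafted value is compared as a literal connection name and matches nothing, and a legitimate name containing an apostrophe no longer causes a syntax error.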