Vulnerability Database


CVE-2025-34311

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report, the application issues an HTTP POST to /cgi-bin/logs.cgi/calamaris.dat and reads the values of DAY_BEGIN, MONTH_BEGIN, YEAR_BEGIN, DAY_END, MONTH_END, YEAR_END, NUM_DOMAINS, PERF_INTERVAL, NUM_CONTENT, HIST_LEVEL, NUM_HOSTS, NUM_URLS, and BYTE_UNIT, which are interpolated directly into the shell command line that invokes the mkreport helper. Because none of these parameters is validated or escaped for shell metacharacters, a crafted POST can inject shell metacharacters (such as ';', '|', '$(...)' or backticks) into one or more fields, causing arbitrary commands to run with the privileges of the 'nobody' user. Exploitation requires a valid web UI login (CVSS PR:L) but no further user interaction.
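
As an added illustration of the flaw described above and of its fix (this is not IPFire's code; the real handler is a Perl CGI script), the following Python whitelists the thirteen parameters before any command line is built and contrasts the vulnerable single-string shell invocation with an argv list. The allowed numeric ranges, the BYTE_UNIT choices, the mkreport path and its flag names are assumptions made for the example, and the sample POST bodies are constructed.

```python
"""Whitelisting the calamaris.dat parameters before they reach a command line.

Added example, not IPFire's own code.  Parameter names come from the
advisory; ranges, BYTE_UNIT choices, the mkreport path and the
--begin/--end/--domains/--unit flags are illustrative assumptions.
"""
import re
import subprocess

# Integer fields and the closed range each must fall in (assumed ranges).
INT_FIELDS = {
    "DAY_BEGIN": (1, 31), "MONTH_BEGIN": (1, 12), "YEAR_BEGIN": (2000, 2100),
    "DAY_END": (1, 31),   "MONTH_END": (1, 12),   "YEAR_END": (2000, 2100),
    "NUM_DOMAINS": (0, 1000), "PERF_INTERVAL": (1, 1440),
    "NUM_CONTENT": (0, 1000), "HIST_LEVEL": (0, 10),
    "NUM_HOSTS": (0, 1000),   "NUM_URLS": (0, 1000),
}
BYTE_UNITS = {"B", "KB", "MB", "GB"}          # assumed enumeration
MKREPORT = "/usr/local/bin/mkreport"          # hypothetical helper path

# Characters that change the meaning of a POSIX shell command line.
SHELL_META = re.compile(r"""[;&|`$()<>{}\\"'\s*?\[\]~#]""")

# Constructed sample POST bodies, already URL-decoded into a dict.
SAMPLE_BENIGN = {
    "DAY_BEGIN": "1", "MONTH_BEGIN": "9", "YEAR_BEGIN": "2025",
    "DAY_END": "30", "MONTH_END": "9", "YEAR_END": "2025",
    "NUM_DOMAINS": "50", "PERF_INTERVAL": "60", "NUM_CONTENT": "20",
    "HIST_LEVEL": "3", "NUM_HOSTS": "50", "NUM_URLS": "50",
    "BYTE_UNIT": "MB",
}
SAMPLE_CRAFTED = dict(SAMPLE_BENIGN, NUM_DOMAINS="50; id > /tmp/pwned")


class BadParameter(ValueError):
    """Raised for any value that is not exactly what the report needs."""


def validate_params(form):
    """Return typed, whitelisted values or raise BadParameter.

    Positive validation: a value is a short decimal integer inside its
    range, or a member of BYTE_UNITS, or it is rejected outright.
    """
    clean = {}
    for name, (lo, hi) in INT_FIELDS.items():
        raw = form.get(name, "")
        if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,4}", raw):
            raise BadParameter(f"{name}: not a plain integer: {raw!r}")
        value = int(raw)
        if not lo <= value <= hi:
            raise BadParameter(f"{name}: {value} outside {lo}..{hi}")
        clean[name] = value
    unit = form.get("BYTE_UNIT", "")
    if unit not in BYTE_UNITS:
        raise BadParameter(f"BYTE_UNIT: {unit!r} not one of {sorted(BYTE_UNITS)}")
    clean["BYTE_UNIT"] = unit
    return clean


def is_rejected(form):
    """True if validate_params refuses the form."""
    try:
        validate_params(form)
    except BadParameter:
        return True
    return False


def unsafe_command(form):
    """The vulnerable pattern: raw form values pasted into one shell string.

    Returned as a string and never executed; with SAMPLE_CRAFTED the result
    carries a second command after the ';' that /bin/sh would run.
    """
    return (f"{MKREPORT} "
            f"--begin {form['DAY_BEGIN']}.{form['MONTH_BEGIN']}.{form['YEAR_BEGIN']} "
            f"--end {form['DAY_END']}.{form['MONTH_END']}.{form['YEAR_END']} "
            f"--domains {form['NUM_DOMAINS']} --unit {form['BYTE_UNIT']}")


def safe_argv(form):
    """Validate first, then build an argv list: with shell=False no shell
    parses the values, so each reaches mkreport as exactly one argument."""
    p = validate_params(form)
    return [MKREPORT,
            "--begin", f"{p['DAY_BEGIN']:02d}.{p['MONTH_BEGIN']:02d}.{p['YEAR_BEGIN']}",
            "--end", f"{p['DAY_END']:02d}.{p['MONTH_END']:02d}.{p['YEAR_END']}",
            "--domains", str(p["NUM_DOMAINS"]),
            "--unit", p["BYTE_UNIT"]]


def contains_shell_meta(value):
    """Secondary check only (WAF rule, request-log review); not the fix."""
    return SHELL_META.search(value) is not None


def run_report(form):
    """How the handler should invoke the helper (not run in this demo)."""
    return subprocess.run(safe_argv(form), check=True, capture_output=True)


if __name__ == "__main__":
    print("vulnerable string:", unsafe_command(SAMPLE_CRAFTED))
    print("hardened argv    :", safe_argv(SAMPLE_BENIGN))
    print("crafted rejected :", is_rejected(SAMPLE_CRAFTED))
```

The same discipline applies to the Perl original: validate each field positively and pass a list to system() so that no shell is involved, instead of interpolating the fields into one string. The metacharacter blacklist in contains_shell_meta is useful for detection and logging, but the positive whitelist plus argv-list invocation is what actually closes the hole.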

  • Published: Oct 28, 2025
  • Updated: Nov 4, 2025
  • CVE: CVE-2025-34311
  • Severity: High

CVSS v3:

  • Severity: High
  • Score: 8.8
  • Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected software (per the description above, the fix ships in 2.29 Core Update 198; treat any 2.29 installation on Core Update 197 or earlier as affected):

Software          From                    Fixed in
ipfire / ipfire   -                       2.29
ipfire / ipfire   2.29-core_update183     2.29-core_update183.x
ipfire / ipfire   2.29-core_update184     2.29-core_update184.x
ipfire / ipfire   2.29-core_update185     2.29-core_update185.x
ipfire / ipfire   2.29-core_update186     2.29-core_update186.x
ipfire / ipfire   2.29-core_update187     2.29-core_update187.x
ipfire / ipfire   2.29-core_update188     2.29-core_update188.x
ipfire / ipfire   2.29-core_update189     2.29-core_update189.x
ipfire / ipfire   2.29-core_update190     2.29-core_update190.x
ipfire / ipfire   2.29-core_update191     2.29-core_update191.x
ipfire / ipfire   2.29-core_update192     2.29-core_update192.x
ipfire / ipfire   2.29-core_update193     2.29-core_update193.x
ipfire / ipfire   2.29-core_update194     2.29-core_update194.x
ipfire / ipfire   2.29-core_update195     2.29-core_update195.x
ipfire / ipfire   2.29-core_update196     2.29-core_update196.x
ipfire / ipfire   2.29-core_update197     2.29-core_update197.x