CVE-2025-34312
IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST to /cgi-bin/urlfilter.cgi and interpolates the value of BE_NAME directly into a shell invocation without appropriate sanitation. Crafted input can inject shell metacharacters, leading to arbitrary command execution in the context of the 'nobody' user.
| Software | From | Fixed in |
|---|---|---|
| ipfire / ipfire | - | 2.29 |
| ipfire / ipfire | 2.29-core_update183 | 2.29-core_update183.x |
| ipfire / ipfire | 2.29-core_update184 | 2.29-core_update184.x |
| ipfire / ipfire | 2.29-core_update185 | 2.29-core_update185.x |
| ipfire / ipfire | 2.29-core_update186 | 2.29-core_update186.x |
| ipfire / ipfire | 2.29-core_update187 | 2.29-core_update187.x |
| ipfire / ipfire | 2.29-core_update188 | 2.29-core_update188.x |
| ipfire / ipfire | 2.29-core_update189 | 2.29-core_update189.x |
| ipfire / ipfire | 2.29-core_update190 | 2.29-core_update190.x |
| ipfire / ipfire | 2.29-core_update191 | 2.29-core_update191.x |
| ipfire / ipfire | 2.29-core_update192 | 2.29-core_update192.x |
| ipfire / ipfire | 2.29-core_update193 | 2.29-core_update193.x |
| ipfire / ipfire | 2.29-core_update194 | 2.29-core_update194.x |
| ipfire / ipfire | 2.29-core_update195 | 2.29-core_update195.x |
| ipfire / ipfire | 2.29-core_update196 | 2.29-core_update196.x |
| ipfire / ipfire | 2.29-core_update197 | 2.29-core_update197.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime