CVE-2025-34116

HIGH

IPFire <2.19 - Authenticated RCE

Title source: llm

Description

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Yann CAM · textwebappscgi

https://www.exploit-db.com/exploits/39765

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by h00die <[email protected]>, Yann CAM · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ipfire_proxy_exec.rb

View Code ZIP pw:eip

References (6)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb

[Various Sources] https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/

[Various Sources] https://www.ipfire.org/news/ipfire-2-19-core-update-101-released

[Issue Tracking] https://bugzilla.ipfire.org/show_bug.cgi?id=11087

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39765

[Third Party Advisory] https://www.vulncheck.com/advisories/ipfire-authenticated-rce

Scores

CVSS v4 8.7

EPSS 0.6072

EPSS Percentile 98.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-20 CWE-306 CWE-78

Status published

Products (1)

IPFire Project/IPFire < 2.19 Core Update 101

Published Jul 15, 2025

Tracked Since Feb 18, 2026