CVE-2025-34116

EUVD-2025-21433
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Common Weakness Enumeration
References
https://bugzilla.ipfire.org/show_bug.cgi?id=11087
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb
https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/
https://www.exploit-db.com/exploits/39765
https://www.ipfire.org/news/ipfire-2-19-core-update-101-released
https://www.vulncheck.com/advisories/ipfire-authenticated-rce