cbcvebase.
CVE-2025-34176
published 2025-09-09

CVE-2025-34176: In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This…

PriorityP334medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
14.01%
96.1th percentile
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

Affected

3 ranges
VendorProductVersion rangeFixed in
msrccbl2_junit_on_cbl_mariner_2.0
netgatepfsense_ce
pfsensepfsense< 2.8.02.8.0

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc5.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.