CVE-2025-34176 — Path Traversal in Pfsense

CWE-22 — Path Traversal CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 83.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pfsense Netgate Pfsense CE Msrc Cbl2 Junit ON CBL Mariner 2.0

Timeline

PublishedSep 9

Description

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDpfsense/pfsense< 2.8.0

▶CVEListV5netgate/pfsense_ce7.0.8_2

▶msrcmsrc/cbl2_junit_on_cbl_mariner_2.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4fgr-95mh-x7h2: In pfSense CE /suricata/suricata_ip_reputation↗2025-09-09

▶

📋Vendor Advisories

Microsoft

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up↗2022-06-14

▶