Netgate Pfsense Ce vulnerabilities

CVE-2025-34175 [MEDIUM] CWE-79 CVE-2025-34175: In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.

CVE-2025-34174 [MEDIUM] CWE-79 CVE-2025-34174: In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resul

CVE-2025-34173 [MEDIUM] CWE-22 CVE-2025-34173: In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target

CVE-2025-34172 [MEDIUM] CWE-79 CVE-2025-34172: In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent param In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

CVE-2025-34176 [MEDIUM] CWE-22 CVE-2025-34176: In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitiz In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate fil

CVE-2025-34177 [MEDIUM] CWE-79 CVE-2025-34177: In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sani In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

CVE-2025-34178 [MEDIUM] CWE-79 CVE-2025-34178: In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sani In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

CVE-2024-54780 [HIGH] CWE-94 CVE-2024-54780: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to com Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp param

CVE-2024-54779 [MEDIUM] CWE-79 CVE-2024-54779: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cros Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php.

CVE-2024-57273 [MEDIUM] CWE-79 CVE-2024-57273: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cros Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated

CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr