Description

IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed whenever another admin views the firewall rules page, enabling session hijacking, unauthorized actions within the interface, or further internal pivoting. Exploitation requires only high-privilege GUI access, and the complexity of the attack is low.

INFO

Published Date :

2025-08-26T00:00:00.000Z

Last Modified :

2025-08-27T14:44:04.464Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50975 vulnerability.

Vendors Products
Ipfire
  • Ipfire
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50975.

URL Resource
https://github.com/4rdr/proofs/blob/main/info/IPFire-2.29-Stored-XSS-via-Firewall.md cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System