CVE-2025-34316

IPFire < v2.29 Stored XSS via Mail Server Settings

CVSS 5.1 MEDIUMEPSS 0.5%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

28 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail server settings. When a user updates the mail server, the application issues an HTTP POST request to /cgi-bin/mail.cgi and the username and password are provided in the txt_mailuser and txt_mailpass parameters. The values of these parameters are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view the affected mail configuration.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Produtos afetados

IPFire.org · IPFire

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.ipfire.org/show_bug.cgi?id=13891 https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released https://www.vulncheck.com/advisories/ipfire-stored-xss-via-mail-server-settings