CVE-2025-34116
Published: Jul 15, 2025
Modified: May 15, 2026
PUBLISHED
Description
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
| Vendor | Product | Versions |
|---|---|---|
| IPFire Project | IPFire | affected 0 - < 2.19 Core Update 101 |
References
https://www.ipfire.org/news/ipfire-2-19-core-update-101-released (vendor-advisory, patch)
https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/ (third-party-advisory, technical-description)
https://bugzilla.ipfire.org/show_bug.cgi?id=11087 (issue-tracking)
https://www.vulncheck.com/advisories/ipfire-authenticated-rce (third-party-advisory)