IPFire — Vulnerabilities & Security Advisories 25

All 25 CVE vulnerabilities found in IPFire, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Paused
CVE-2019-25400	IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi CWE-79	5.4	Medium	2026-02-18
CVE-2019-25399	IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi CWE-79	6.4	Medium	2026-02-18
CVE-2019-25398	IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi CWE-79	6.1	Medium	2026-02-18
CVE-2019-25397	IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi CWE-79	6.1	Medium	2026-02-18
CVE-2019-25396	IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi CWE-79	6.1	Medium	2026-02-18
CVE-2025-34311	IPFire < v2.29 Command Injection via Proxy Report Creation CWE-78	8.8^AI	High^AI	2025-10-28
CVE-2025-34312	IPFire < v2.29 Command Injection via URL Filter Blacklist CWE-78	8.8^AI	High^AI	2025-10-28
CVE-2025-34304	IPFire < v2.29 SQL Injection via OpenVPN Connection Logs CWE-89	6.5^AI	Medium^AI	2025-10-28
CVE-2025-34307	IPFire < v2.29 Stored XSS via Default Country Search CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34306	IPFire < v2.29 Stored XSS via Default IP Search Value CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34308	IPFire < v2.29 Stored XSS via Default Time Sync CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34318	IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi) CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34317	IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi) CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34309	IPFire < v2.29 Stored XSS via Dynamic DNS Host CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34301	IPFire < v2.29 Stored XSS via Location Group Creation CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34316	IPFire < v2.29 Stored XSS via Mail Server Settings CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34305	IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml() CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34310	IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34315	IPFire < v2.29 Stored XSS via Remote Syslog Server Address CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34302	IPFire < v2.29 Stored XSS via Service Creation CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34314	IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34313	IPFire < v2.29 Stored XSS via User Quota Rule URL Filter CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34303	IPFire < v2.29 Stored XSS via Whitelisted Host Creation CWE-79	5.4^AI	Medium^AI	2025-10-28
CVE-2025-34116	IPFire < 2.19 Core Update 101 proxy.cgi RCE CWE-78	8.8^AI	High^AI	2025-07-15
CVE-2022-36368	IPFire 跨站脚本漏洞	4.8	-	2022-10-24

All 25 known CVE vulnerabilities affecting IPFire with full Chinese analysis, references, and POCs where available.

Support Us — Your donation helps us keep running

IPFire — Vulnerabilities & Security Advisories 25