{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T16:55:22.984","vulnerabilities":[{"cve":{"id":"CVE-2025-34116","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-07-15T13:15:32.493","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución remota de comandos en IPFire anterior a la versión 2.19 Core Update 101 a través de la interfaz CGI «proxy.cgi». Un atacante autenticado puede inyectar comandos de shell arbitrarios mediante valores manipulados en los campos del formulario de creación de usuarios de NCSA, lo que provoca la ejecución de comandos con privilegios de servidor web."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://bugzilla.ipfire.org/show_bug.cgi?id=11087","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb","source":"disclosure@vulncheck.com"},{"url":"https://www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/39765","source":"disclosure@vulncheck.com"},{"url":"https://www.ipfire.org/news/ipfire-2-19-core-update-101-released","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ipfire-authenticated-rce","source":"disclosure@vulncheck.com"}]}}]}