CVE-2025-34178— Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34178
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Netgate pfSense CE 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netgate pfSense CE是Netgate公司的一个基于FreeBSD的开源防火墙与路由平台,支持企业级网络安全与网络管理功能。 Netgate pfSense CE存在安全漏洞,该漏洞源于policy_name参数未清理HTML字符,可能导致存储型跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Netgate | pfSense CE | 7.0.8_2 | - |
II. Public POCs for CVE-2025-34178
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34178
请登录查看更多情报信息。
Same Patch Batch · Netgate · 2025-09-09 · 7 CVEs total
| CVE-2025-34175 | Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting | |
| CVE-2025-34176 | Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure | |
| CVE-2025-34173 | Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure | |
| CVE-2025-34177 | Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting | |
| CVE-2025-34174 | Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting | |
| CVE-2025-34172 | Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting |
IV. Related Vulnerabilities
Same product: pfSense CE
- CVE-2025-34177
Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Si - CVE-2025-34176
Netgate pfSense CE Suricata Package v7.0.8_2 Directory Trave - CVE-2025-34175
Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross - CVE-2025-34174
Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 St - CVE-2025-34173
Netgate pfSense CE Snort package v4.1.6_25 Directory Travers
Same vendor: Netgate
- CVE-2016-20058
Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path - CVE-2016-20057
NETGATE Registry Cleaner build 16.0.205 Unquoted Service Pat - CVE-2019-25269
Amiti Antivirus 25.0.640 - Unquoted Service Path Vulnerabili - CVE-2019-25271
NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Servic - CVE-2025-12490
Netgate pfSense CE Suricata Path Traversal Remote Code Execu
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2025-34178
No comments yet