Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

IPFire.org — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting IPFire.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

IPFire.org serves as a Linux-based firewall distribution designed for network security and access control. Historically, its vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from web interface misconfigurations or insufficient input validation. The project maintains a security-focused development approach with regular updates and a transparent disclosure process. While no major security incidents have been widely documented, the 18 CVEs on record highlight typical challenges in maintaining complex network security software. The platform emphasizes modularity and customizability, allowing administrators to tailor security policies to specific infrastructure needs while maintaining a balance between functionality and security hardening.

Top products by IPFire.org: IPFire
CVE IDTitleCVSSSeverityPublished
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation — IPFireCWE-78 8.8AIHighAI2025-10-28
CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist — IPFireCWE-78 8.8AIHighAI2025-10-28
CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs — IPFireCWE-89 6.5AIMediumAI2025-10-28
CVE-2025-34307 IPFire < v2.29 Stored XSS via Default Country Search — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi) — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34317 IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi) — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34309 IPFire < v2.29 Stored XSS via Dynamic DNS Host — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34301 IPFire < v2.29 Stored XSS via Location Group Creation — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34305 IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml() — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34310 IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34302 IPFire < v2.29 Stored XSS via Service Creation — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34313 IPFire < v2.29 Stored XSS via User Quota Rule URL Filter — IPFireCWE-79 5.4AIMediumAI2025-10-28
CVE-2025-34303 IPFire < v2.29 Stored XSS via Whitelisted Host Creation — IPFireCWE-79 5.4AIMediumAI2025-10-28

This page lists every published CVE security advisory associated with IPFire.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.