CVE-2025-34315 | IPFire up to 2.28 Web Interface config.dat REMOTELOG_ADDR cross site scripting

October 28, 2025 Yanac

A vulnerability, which was classified as problematic, has been found in IPFire up to 2.28. The affected element is an unknown function of the file /cgi-bin/logs.cgi/config.dat of the component Web Interface. Performing manipulation of the argument REMOTELOG_ADDR results in cross site scripting.

This vulnerability was named CVE-2025-34315. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More