CVE-2025-34314 | IPFire up to 2.28 Web Interface /cgi-bin/urlfilter.cgi SRC/DST/COMMENT cross site scripting

October 28, 2025 Yanac

A vulnerability classified as problematic was found in IPFire up to 2.28. Impacted is an unknown function of the file /cgi-bin/urlfilter.cgi of the component Web Interface. Such manipulation of the argument SRC/DST/COMMENT leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-34314. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More