CVE-2025-34306 | IPFire up to 2.28 Web Interface firewalllogip.dat cross site scripting

October 28, 2025 Yanac

A vulnerability was found in IPFire up to 2.28 and classified as problematic. The affected element is an unknown function of the file /cgi-bin/logs.cgi/firewalllogip.dat of the component Web Interface. Executing manipulation can lead to cross site scripting.

This vulnerability is tracked as CVE-2025-34306. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More