CVE-2025-34301 | IPFire up to 2.28 Web Interface COUNTRY_CODE cross site scripting

October 28, 2025 Yanac

A vulnerability has been found in IPFire up to 2.28 and classified as problematic. Impacted is an unknown function of the component Web Interface. Performing manipulation of the argument COUNTRY_CODE results in cross site scripting.

This vulnerability is identified as CVE-2025-34301. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More