CVE-2025-34304 | IPFire up to 2.29 HTTP POST Request ovpnclients.dat CONNECTION_NAME sql injection

A vulnerability categorized as critical has been discovered in IPFire up to 2.29. The impacted element is an unknown function of the file /cgi-bin/logs.cgi/ovpnclients.dat of the component HTTP POST Request Handler. The manipulation of the argument CONNECTION_NAME results in sql injection.

This vulnerability is reported as CVE-2025-34304. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More