High severityNVD Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-34116

Description

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.ipfire.org/show_bug.cginvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rbnvd
www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-command-execution/nvd
www.exploit-db.com/exploits/39765nvd
www.ipfire.org/news/ipfire-2-19-core-update-101-releasednvd
www.vulncheck.com/advisories/ipfire-authenticated-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.061
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000