Unrated severityNVD Advisory· Published Aug 26, 2025· Updated Aug 27, 2025

CVE-2025-50976

Description

IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

Affected products

IPFire/IPFiredescription
Ipfire/Ipfirellm-fuzzy
Range: = 2.29

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/4rdr/proofs/blob/main/info/IPFire-2.29-Reflected-XSS-via-DNS.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000