What is CVE-2025-34116?

CVE-2025-34116 is a vulnerability in Ipfire Project, classified under OS Command Injection. Published 2025-07-15.

Is CVE-2025-34116 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ipfire Project

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.762 (98.9th percentile) — read the EPSS interpretation.

Affected products

Ipfire Project — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.ipfire.org/news/ipfire-2-19-core-update-101-released (vendor-advisory, patch)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/39765 (exploit)
www.asafety.fr/en/vuln-exploit-poc/xss-rce-ipfire-2-19-core-update-101-remote-c… (third-party-advisory, technical-description)
bugzilla.ipfire.org/show_bug.cgi (issue-tracking)
www.vulncheck.com/advisories/ipfire-authenticated-rce (third-party-advisory)

Frequently asked questions

What is CVE-2025-34116?: CVE-2025-34116 is a vulnerability in Ipfire Project, classified under OS Command Injection. Published 2025-07-15.
Is CVE-2025-34116 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.