CVE-2025-34173
MediumCVSS 4.3Exploitation Probability (EPSS)
Elevated risk54th percentile - higher than 54% of all known CVEs
Summary
In pfSense CE, the file /usr/local/www/snort/snort_ip_reputation.php does not sanitize the iplist parameter for directory traversal characters before checking file existence. Although file contents are not disclosed, the server reveals whether a file exists, enabling an attacker to enumerate files on the target. The attacker must be authenticated with at least 'WebCfg - Services: Snort package' permissions.
Risk Assessment
The risk is that an authenticated attacker can enumerate files on the server, potentially revealing the presence of sensitive configuration files or other resources, which could facilitate further attacks.
Recommendation
Update pfSense CE to the latest version containing the security fix, or manually sanitize the iplist parameter for directory traversal characters (e.g., '../') in the source code.
Original NVD description (English source)
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.

