CVE Catalog

CVE-2025-34175

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
14.78%

96th percentile - higher than 96% of all known CVEs

Summary

In pfSense CE, the file /usr/local/www/suricata/suricata_filecheck.php directly displays the value of the filehash parameter without sanitizing HTML-related characters/strings. This can result in reflected cross-site scripting (XSS) if the victim is authenticated.

Risk Assessment

The risk involves the execution of a malicious script in the browser of an authenticated administrator, potentially leading to session theft, configuration modification, or further network attacks.

Recommendation

Immediately update pfSense CE to the latest patched version and apply proper input filtering and output encoding for the filehash parameter.

Original NVD description (English source)

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS