CVE Catalog

CVE-2025-34176

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
13.90%

96th percentile - higher than 96% of all known CVEs

Summary

In pfSense CE, the suricata/suricata_ip_reputation.php file does not sanitize the iplist parameter against directory traversal sequences. This value is directly used in a file existence check, allowing an authenticated attacker to enumerate files on the server.

Risk Assessment

An attacker with Suricata package permissions can check for the existence of arbitrary files, potentially revealing sensitive configuration or system structure information.

Recommendation

Update pfSense CE to the latest patched version and implement input validation for the iplist parameter to block directory traversal sequences.

Original NVD description (English source)

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS