A saved cross-site scripting (XSS) flaw recognized in IPFire 2.29’s web-based firewall interface (firewall.cgi).
Tracked as CVE-2025-50975, the vulnerability permits any authenticated administrator to inject persistent JavaScript into firewall rule parameters.
As soon as saved, the payload executes routinely when one other administrator masses the foundations web page, probably leading to session hijacking, unauthorized actions throughout the interface, and even deeper community pivoting.
Key Takeaways1. IPFire 2.29’s firewall.cgi permits admins to inject persistent JavaScript.2. Permitting session hijacking, unauthorized actions, or additional inner pivoting.3. Improve; implement enter sanitization, making use of strict least-privilege entry.
Saved XSS Vulnerability
In accordance with the report, IPFire’s firewall administration CGI script fails to sanitize a number of user-supplied parameters earlier than rendering them within the HTML response.
The affected fields embody PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt and tgt_addr.
An attacker with high-privilege GUI entry can craft a malicious rule entry comparable to:
Including the payload contained in the ruleremark parameter:
Upon submission, the JavaScript snippet is saved within the firewall rule set. When any administrator subsequently views the script executes of their browser context.
This easy but potent exploit requires no social engineering past legitimate credentials, and its complexity is comparatively low.
Danger FactorsDetailsAffected ProductsIPFire 2.29, particularly firewall.cgi interface ImpactPersistent JavaScript injection (Saved XSS), unauthorized interface actionsExploit PrerequisitesAuthenticated administrator entry to firewall CGI Internet GUICVSS 3.1 ScoreNot specified
Mitigations
Demonstrations of the assault leverage a take a look at occasion at the place a GIF walkthrough illustrates payload injection and session cookie exfiltration.
Because the flaw resides within the lack of HTML escaping for a number of parameters, IPFire deployments in multi-admin environments are significantly in danger.
To mitigate the problem, all firewall.cgi parameters have to be HTML-escaped or handed by way of a whitelisting routine.
IPFire maintainers have launched model 2.29.1, which implements correct sanitation for PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr.
Restrict administrative GUI entry to trusted operators and networks and deploy a strict CSP header to limit inline script execution throughout the firewall interface.
Whereas different XSS variants exist in IPFire 2.29, this saved XSS path represents probably the most simple vector for real-world exploitation.
Directors ought to prioritize patching and hardening their firewall administration interfaces to forestall malicious JavaScript persistence and subsequent inner community compromise.
Bored with Filling Varieties for safety & Compliance questionnaires? Automate them in minutes with 1up! Begin Your Free Trial Now!
