A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting.
Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk in environments where multiple administrators share firewall management duties.
Details of the Flaw
The vulnerability resides in improper sanitization of several rule parameters within the firewall rule editor.
Specifically, fields such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr do not undergo sufficient input validation.
| CVE ID | Affected Version | Vulnerability Type | Attack Vector | Complexity |
| CVE-2025-50975 | IPFire 2.29 | Stored XSS | Web Interface | Low |
An attacker with high-privilege GUI access can embed malicious JavaScript payloads into these parameters.
Once stored, the payload executes whenever any administrator views the firewall rules page, enabling:
- Session hijacking via cookie theft
- Execution of unauthorized administrative actions
- Deployment of further attacks against internal systems
Exploitation is simple and requires only valid administrator credentials with GUI access. No additional trickery or social engineering is necessary beyond logging into the interface.
The attack complexity is classified as low, and the impact includes both confidentiality and integrity violations.
A demonstration of the stored XSS attack can be found in the GIF proof-of-concept hosted on GitHub.
The payload injection occurs during rule creation, and execution is immediately visible when the rules page reloads under another administrator session.
Mitigation and Recommendations
Administrators should take the following steps to mitigate risk:
- Update IPFire: Apply the latest security patches or upgrade to a version beyond 2.29 where the input sanitization has been hardened.
- Restrict Admin Access: Limit the number of GUI-privileged users and enforce multi-factor authentication to reduce the risk of credential compromise.
- Implement Content Security Policy: Deploy a strict HTTP Content Security Policy (CSP) header to restrict inline script execution and reduce XSS impact.
- Audit Firewall Rules: Regularly review existing rules for anomalous characters or unexpected script tags.
Organizations relying on IPFire for perimeter defense should treat this vulnerability as a top priority. Ensuring rapid patch deployment and tightening administrative controls will help safeguard critical network infrastructure against persistent XSS threats.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
Source link
