CVE-2025-34172: Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

Q: What is the severity of CVE-2025-34172?

CVE-2025-34172 has a severity rating that indicates a potential risk for reflected cross-site scripting in authenticated users.

Q: How do I fix CVE-2025-34172?

To mitigate CVE-2025-34172, ensure you update to the latest version of the pfSense CE HAProxy Package where the vulnerability is addressed.

Q: Who is affected by CVE-2025-34172?

CVE-2025-34172 affects users of the pfSense CE HAProxy Package who authenticate to the system.

Q: What type of vulnerability is CVE-2025-34172?

CVE-2025-34172 is categorized as a reflected cross-site scripting vulnerability.

Q: Is CVE-2025-34172 likely to be exploited?

Given that CVE-2025-34172 targets authenticated users, it has the potential to be exploited if proper mitigations are not applied.

Published Sep 9, 2025

Updated

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

Affected Software

2 affected components

Netgate pfSense CE HAProxy Package

pfSense pfSense<2.8.0

Remediation

Patch Available

https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64

Event History

Sep 9, 2025

CVE Published

via MITRE·07:43 PM

Data Sourced

via MITRE·07:43 PM

DescriptionWeakness

Data Sourced

via NVD·08:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-34172?

CVE-2025-34172 has a severity rating that indicates a potential risk for reflected cross-site scripting in authenticated users.

How do I fix CVE-2025-34172?

To mitigate CVE-2025-34172, ensure you update to the latest version of the pfSense CE HAProxy Package where the vulnerability is addressed.

Who is affected by CVE-2025-34172?

CVE-2025-34172 affects users of the pfSense CE HAProxy Package who authenticate to the system.

What type of vulnerability is CVE-2025-34172?

CVE-2025-34172 is categorized as a reflected cross-site scripting vulnerability.

Is CVE-2025-34172 likely to be exploited?

Given that CVE-2025-34172 targets authenticated users, it has the potential to be exploited if proper mitigations are not applied.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-34172: Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-34172?

How do I fix CVE-2025-34172?

Who is affected by CVE-2025-34172?

What type of vulnerability is CVE-2025-34172?

Is CVE-2025-34172 likely to be exploited?

Company

Resources

Contact