CVE-2025-34175: Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
Published Sep 9, 2025
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
Affected Software
2 affected components
Netgate pfSense CE Suricata
pfSense pfSense<2.8.0
Event History
Sep 9, 2025
CVE Published via MITRE, 08:09 PM
Data Sourced via MITRE, 08:09 PM: Description, Weakness
Data Sourced via NVD, 08:15 PM: Remedy, Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-34175?
CVE-2025-34175 has been classified as a medium severity vulnerability due to its potential for reflected cross-site scripting.
2. How do I fix CVE-2025-34175?
To fix CVE-2025-34175, update pfSense CE Suricata to a version that includes the latest patches for input sanitization.
3. Which software is affected by CVE-2025-34175?
CVE-2025-34175 affects Netgate pfSense CE Suricata.
4. What type of vulnerability is CVE-2025-34175?
CVE-2025-34175 is a reflected cross-site scripting (XSS) vulnerability.
5. Are there known exploits for CVE-2025-34175?
As of now, there are no known public exploits specifically targeting CVE-2025-34175.