In pfSense CE /usr/local/www/suricata/suricata_filecheck... · CVE-2025-34175 · GitHub Advisory Database · GitHub

In pfSense CE /usr/local/www/suricata/suricata_filecheck...

Moderate severity Unreviewed Published Sep 9, 2025 to the GitHub Advisory Database • Updated Sep 9, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.

References

Published by the National Vulnerability Database

Sep 9, 2025

Published to the GitHub Advisory Database Sep 9, 2025

Last updated Sep 9, 2025

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Active

Vulnerable System Impact Metrics

Confidentiality Low

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X