Pfsense Plus
Approved changes feed: RSS · Atom
cpe:2.3:a:netgate:pfsense_plus:4.1.6_25:*:*:*:*:*:*:*
part: a version: 4.1.6_25 update: *
| Vendor | Netgate (42bc912c-274f-5f68-8e52-e5d60c7dbf39) |
|---|---|
| Product | Pfsense Plus (5ec68f3d-66e2-5fbb-89ed-73f49d117b36) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34173 |
vulnerable | 2026-06-08 07:19:02.745527 |
Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
Published: 2025-09-09T19:59:14.136Z
Updated: 2025-11-20T12:23:55.690Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.