CVE-2025-34175
Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting
CVSS Score
0.0
EPSS Score
14.8%
EPSS Percentile
96th
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
| CWE | CWE-79 |
| Vendor | netgate |
| Product | pfsense ce |
| Published | Sep 9, 2025 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for netgate pfsense ce
Be the first to know when new unknown vulnerabilities affecting netgate pfsense ce are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Netgate / pfSense CE
7.0.8_2
References
Credits
Alex Williams (Pellera Technologies)