CVE-2025-34177
Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
CVSS Score
0.0
EPSS Score
0.8%
EPSS Percentile
52th
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
| CWE | CWE-79 |
| Vendor | netgate |
| Product | pfsense ce |
| Published | Sep 9, 2025 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for netgate pfsense ce
Be the first to know when new unknown vulnerabilities affecting netgate pfsense ce are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Netgate / pfSense CE
7.0.8_2
References
Credits
Alex Williams (Pellera Technologies)