A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk in environments where multiple administrators share firewall management duties. Details of the Flaw The vulnerability […]

The post IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/ipfire-firewall-admin-panel-vulnerability/