CVE-2025-34175

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting vulnerability in pfSense CE's Suricata interface allows attackers to inject malicious scripts that execute in authenticated users' browsers. The vulnerability affects administrators and users with access to the Suricata file check functionality. Successful exploitation requires the victim to be authenticated to the pfSense web interface.

💻 Affected Systems

Products:
  • pfSense CE
Versions: Prior to the fix commit 97852ccfd201b24ee542be30af81272485fde0b4
Operating Systems: FreeBSD-based pfSense installations
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Suricata package installed and accessible via the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could steal administrator session cookies, perform actions as the authenticated user, or redirect to malicious sites, potentially leading to full system compromise.

🟠 Likely Case: Session hijacking, credential theft, or unauthorized actions performed within the authenticated user's context.

🟢 If Mitigated: Limited impact due to authentication requirement and reflected nature; proper input validation prevents exploitation.

🌐 Internet-Facing: MEDIUM - While authentication is required, internet-facing pfSense instances with exposed web interfaces could be targeted.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this against authenticated users.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to trick authenticated users into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing commit 97852ccfd201b24ee542be30af81272485fde0b4

Vendor Advisory: https://redmine.pfsense.org/issues/16414

Restart Required: No

Instructions:

1. Update pfSense CE to latest version.
2. Apply the specific patch from the GitHub commit.
3. No service restart required for web interface changes.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement custom input validation for the filehash parameter to sanitize HTML characters.

Not applicable - requires code modification

🧯 If You Can't Patch

  • Restrict access to the Suricata interface to trusted users only
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check if /usr/local/www/suricata/suricata_filecheck.php exists and examine the filehash parameter handling

Check Version:

pkg info pfSense | grep Version

Verify Fix Applied:

Verify the patch commit 97852ccfd201b24ee542be30af81272485fde0b4 is present in your installation

📡 Detection & Monitoring

Log Indicators:

  • Unusual filehash parameter values in web server logs
  • Multiple failed authentication attempts followed by filecheck access

Network Indicators:

  • HTTP requests to suricata_filecheck.php with suspicious filehash parameters

SIEM Query:

source="pfSense-web" AND uri="/suricata/suricata_filecheck.php" AND (filehash CONTAINS "<script>" OR filehash CONTAINS "javascript:")
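
The SIEM query above matches two literal strings. The following sketch, an added example that is not part of the original advisory or of pfSense, instead flags any filehash value on suricata_filecheck.php that is not a plain hex digest after URL decoding. It assumes access logs in the nginx/Apache "combined" format and that legitimate filehash values are MD5, SHA-1 or SHA-256 hex digests; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/suricata/suricata_filecheck.php"  # URI from the SIEM query above
# Assumption: a legitimate filehash is a hex MD5, SHA-1 or SHA-256 digest.
HEX_DIGEST = re.compile(r"\A(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\Z")
# Assumption: access log lines are in the nginx/Apache "combined" format.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def suspicious_filehash(line):
    """Return (client_ip, decoded_value) when a filecheck request carries a
    filehash that is not a plain hex digest; otherwise return None."""
    m = REQUEST.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path != TARGET_PATH:
        return None
    # parse_qs decodes once; the extra unquote() catches double-encoded input.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("filehash", []):
        value = unquote(raw)
        if not HEX_DIGEST.match(value):
            return m.group("ip"), value
    return None

def scan(lines):
    """Return every flagged (client_ip, decoded_value) pair, in log order."""
    return [hit for hit in map(suspicious_filehash, lines) if hit]

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /suricata/suricata_filecheck.php'
    '?filehash=d41d8cd98f00b204e9800998ecf8427e HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2025:10:02:11 +0000] "GET /suricata/suricata_filecheck.php'
    '?filehash=%3Cscript%3E HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [01/Jan/2025:10:03:40 +0000] "GET /suricata/suricata_filecheck.php'
    '?filehash=%253Cscript%253E HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2025:10:05:02 +0000] "GET /index.php?filehash=%3Cscript%3E'
    ' HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"suspicious filehash from {ip}: {value!r}")
```

Only requests whose parameters appear in the logged URI are covered; values sent in a request body do not reach the access log.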
