IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection

A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk in environments where multiple administrators share firewall management duties. Details of the Flaw The vulnerability […] The post IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/ipfire-firewall-admin-panel-vulnerability/