Stored XSS Vulnerability in Suricata Package for pfSense
CVE-2025-34178

5.1MEDIUM

Key Information:

Vendor

Netgate

Status
Pfsense Ce
Vendor
CVE Published:
9 September 2025

What is CVE-2025-34178?

A security flaw in the pfSense CE's Suricata service allows an authenticated attacker to inject HTML-related strings into the application. This exposure occurs due to inadequate sanitization of the policy_name parameter in the suricata_app_parsers.php file. As a result, malicious scripts could be stored and executed, compromising user sessions and potentially leading to further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pfSense CE 7.0.8_2

References

https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd...
patch
https://redmine.pfsense.org/issues/16414
issue-tracking
https://www.vulncheck.com/advisories/netgate-pf-sense-ce-...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Williams (Pellera Technologies)
JSON
.