Reflected Cross-Site Scripting Vulnerability in IPFire DNS Management Interface
CVE-2025-50976

6.1MEDIUM

Key Information:

Vendor: IPFire
Status: IPFire
Vendor: CVE Published:; 26 August 2025

What is CVE-2025-50976?

The DNS management interface of IPFire 2.29 is susceptible to a reflected cross-site scripting vulnerability due to insufficient input sanitization. This issue arises when user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME parameters is not adequately validated, allowing attackers to inject malicious scripts. Such a vulnerability can lead to unauthorized actions or data exposure, significantly affecting the security posture of impacted systems.

References

https://github.com/4rdr/proofs/blob/main/info/IPFire-2.29...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Jun 16, 2025

CVE-2025-50976 Data

JSON