CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure

In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...

PT-2025-36943

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /suricata/suricata ip reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg -...