CVE-2025-34173

Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified)

Description: The iplist parameter in /usr/local/www/snort/snort ip reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg - Services: Snort package” permissions to determine if files exist on the system through file existence checks, potentially enabling file enumeration.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.