CVE-2025-34182 is a stored cross-site scripting (XSS) vulnerability identified in Deciso OPNsense firewall software versions prior to 25.7.4. The issue arises from improper neutralization of HTML-related characters in the ptpid parameter when creating a Point-to-Point interface entry under the 'Interfaces: Devices: Point-to-Point' configuration. Specifically, the parameter ptpid is not sanitized before being rendered on the page interfaces_assign.php, allowing malicious HTML or JavaScript code to be stored and executed in the context of the web management interface. Exploitation requires the attacker to be authenticated with at least 'Interfaces: PPPs: Edit' permissions, which restricts the attack to users with some level of administrative access. The vulnerability is classified under CWE-79, indicating improper input sanitization during web page generation. The vendor addressed the issue by correcting the legacy_html_escape_form_data() function to properly escape keys, preventing injection of executable code. The CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:P/VC:L) reflects network attack vector, low attack complexity, requiring privileges and user interaction, with low impact on confidentiality and no impact on integrity or availability. No known exploits have been reported in the wild as of the publication date. This vulnerability could be leveraged by malicious insiders or compromised accounts to execute arbitrary scripts, potentially leading to session hijacking, unauthorized actions, or further compromise of the firewall management interface.

The primary impact of CVE-2025-34182 is the potential for stored cross-site scripting attacks within the OPNsense web management interface. Successful exploitation allows an attacker with authenticated access and specific permissions to inject malicious scripts that execute in the context of other users' browsers who visit the affected page. This can lead to session hijacking, theft of authentication tokens, unauthorized configuration changes, or pivoting to other internal systems. Although the vulnerability requires some privilege level and user interaction, it poses a risk in environments where multiple administrators or users have editing rights. In large organizations or managed service providers using OPNsense, this could facilitate lateral movement or compromise of firewall controls, undermining network security. The vulnerability does not directly affect confidentiality, integrity, or availability of the firewall itself but can indirectly lead to unauthorized access or control. Since OPNsense is widely used globally in enterprise, government, and service provider networks, the impact can be significant if not mitigated promptly.

To mitigate CVE-2025-34182, organizations should immediately upgrade OPNsense to version 25.7.4 or later, where the vulnerability has been fixed by proper escaping of form data keys. Until patching is possible, restrict access to the web management interface to trusted administrators only and enforce the principle of least privilege by limiting 'Interfaces: PPPs: Edit' permissions to essential personnel. Implement network-level access controls such as VPNs or IP whitelisting to reduce exposure of the management interface. Enable multi-factor authentication (MFA) for all users with administrative privileges to reduce the risk of credential compromise. Regularly audit user permissions and session activity to detect suspicious behavior. Additionally, monitor logs for unusual input patterns or attempts to inject HTML/JavaScript code in interface configuration parameters. Educate administrators about the risks of XSS and safe input handling practices. Finally, consider deploying web application firewalls (WAFs) or intrusion detection systems (IDS) that can detect and block XSS payloads targeting the management interface.