CVE-2025-34182: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Deciso OPNsense
In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfaces_assign.php, which can result in stored cross-site scripting. The attacker must be authenticated with at-least "Interfaces: PPPs: Edit" permission. This vulnerability has been addressed by the vendor in the product release notes as "ui: legacy_html_escape_form_data() was not escaping keys only data elements."
AI Analysis
Technical Summary
The vulnerability arises from improper neutralization of input during web page generation (CWE-79) in Deciso OPNsense. Specifically, the ptpid parameter used in the creation of Point-to-Point interface entries is not escaped correctly, leading to stored XSS when the affected page is viewed. Exploitation requires authenticated access with specific edit permissions. The vendor fixed this by updating the legacy_html_escape_form_data() function to escape keys as well as data elements in the user interface in release 25.7.4.
Potential Impact
An attacker with authenticated access and the required edit permissions can inject malicious scripts that execute in the context of other users viewing the affected page. This can lead to session hijacking, unauthorized actions, or other client-side impacts typical of stored XSS vulnerabilities. The CVSS 4.0 score is 5.1 (medium severity), reflecting the need for authentication and limited scope of impact.
Mitigation Recommendations
This vulnerability is fixed in Deciso OPNsense version 25.7.4. Users should upgrade to this version or later to remediate the issue. No additional mitigations are indicated by the vendor advisory.
CVE-2025-34182: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Deciso OPNsense
Description
In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfaces_assign.php, which can result in stored cross-site scripting. The attacker must be authenticated with at-least "Interfaces: PPPs: Edit" permission. This vulnerability has been addressed by the vendor in the product release notes as "ui: legacy_html_escape_form_data() was not escaping keys only data elements."
CVSS v4.0
Score 5.1medium
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises from improper neutralization of input during web page generation (CWE-79) in Deciso OPNsense. Specifically, the ptpid parameter used in the creation of Point-to-Point interface entries is not escaped correctly, leading to stored XSS when the affected page is viewed. Exploitation requires authenticated access with specific edit permissions. The vendor fixed this by updating the legacy_html_escape_form_data() function to escape keys as well as data elements in the user interface in release 25.7.4.
Potential Impact
An attacker with authenticated access and the required edit permissions can inject malicious scripts that execute in the context of other users viewing the affected page. This can lead to session hijacking, unauthorized actions, or other client-side impacts typical of stored XSS vulnerabilities. The CVSS 4.0 score is 5.1 (medium severity), reflecting the need for authentication and limited scope of impact.
Mitigation Recommendations
This vulnerability is fixed in Deciso OPNsense version 25.7.4. Users should upgrade to this version or later to remediate the issue. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.568Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68dd5ef5ebdfe95d2e1694d8
Added to database: 10/01/2025, 17:03:49 UTC
Last enriched: 05/16/2026, 09:18:03 UTC
Last updated: 06/27/2026, 08:51:17 UTC
Views: 777
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.