CVE-2025-50974 is a critical command injection vulnerability found in the Calamaris log exporter CGI component of IPFire version 2.29. The vulnerability arises because the CGI script located at /cgi-bin/logs.cgi/calamaris.dat fails to properly sanitize user-supplied input parameters before incorporating them into shell commands. Specifically, parameters such as BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, and YEAR_END are directly embedded into shell commands without adequate validation or escaping of shell metacharacters. This lack of input sanitization allows an unauthenticated remote attacker to inject arbitrary operating system commands by embedding shell metacharacters within any of these parameters. Because the attacker does not require authentication or user interaction, exploitation can be performed remotely and automatically, potentially leading to full system compromise. The vulnerability affects IPFire 2.29, a popular open-source firewall distribution used for network security and monitoring. Although no known exploits are currently reported in the wild, the nature of the vulnerability makes it a high-risk target for attackers aiming to execute arbitrary commands on affected systems. The absence of a CVSS score indicates that this vulnerability is newly disclosed and may require further analysis for precise scoring, but the technical details clearly indicate a severe risk due to unauthenticated remote command execution.

For European organizations, the impact of CVE-2025-50974 can be substantial. IPFire is widely used in small to medium enterprises and some larger organizations as a firewall and network security appliance. Successful exploitation could allow attackers to execute arbitrary commands on the firewall device, potentially leading to full control over the network perimeter device. This can result in interception or manipulation of network traffic, disruption of network services, and pivoting to internal networks for further compromise. Confidentiality, integrity, and availability of organizational data and systems could be severely impacted. Given that firewalls are critical security infrastructure, compromise could undermine trust in network security, cause data breaches, and disrupt business operations. European organizations subject to strict data protection regulations such as GDPR could face legal and financial consequences if this vulnerability is exploited to leak or manipulate personal data. The lack of authentication requirement and the remote exploitability increase the urgency for European entities to address this vulnerability promptly.

To mitigate CVE-2025-50974, organizations should immediately upgrade IPFire installations to a version where this vulnerability is patched once available. In the absence of an official patch, administrators should consider disabling the Calamaris log exporter CGI component or restricting access to the /cgi-bin/logs.cgi/calamaris.dat endpoint via firewall rules or network segmentation to trusted management networks only. Implementing Web Application Firewall (WAF) rules to detect and block suspicious shell metacharacters in HTTP requests targeting this CGI script can provide temporary protection. Monitoring firewall logs for unusual requests to the vulnerable endpoint and setting up intrusion detection/prevention systems (IDS/IPS) to alert on potential exploitation attempts is also recommended. Additionally, organizations should review and harden the overall security posture of their IPFire deployments, including limiting administrative access, enforcing strong authentication, and regularly auditing firewall configurations. Finally, organizations should prepare incident response plans to quickly contain and remediate any compromise resulting from exploitation of this vulnerability.