28 May Security Patches for pfSense Plus 24.11 and CE 2.7.2
Details
To address recently identified security vulnerabilities, some of which have been publicly disclosed ahead of the next software releases, Netgate has several security patches for the current versions: pfSense Plus 24.11 and pfSense CE 2.7.2. These fixes precede the upcoming pfSense Plus 25.03 and CE 2.8.0 releases, which will also include these security enhancements.
Users are encouraged to apply these critical updates through the System Patches Package by utilizing the Recommended Patches feature.
The following issues are resolved by the patches:
- pfSense-SA-25_01.webgui: Vulnerabilities in Dashboard widget key handling, potentially causing XSS, DoS, or configuration corruption.
- pfSense-SA-25_02.webgui: OpenVPN status and Dashboard widget exposure to command injection via the management interface.
- pfSense-SA-25_03.webgui: Possible XSS within the AutoConfigBackup backup list.
- pfSense-SA-25_04.webgui: Risk of AutoConfigBackup Device Key exposure if SSH is accessible on untrusted networks.
- pfSense-SA-25_05.webgui: Stored XSS vulnerability in Firewall Schedules.
- pfSense-SA-25_06.webgui: Stored XSS in the IPsec Phase 1 tunnel configuration list.
- pfSense-SA-25_07.webgui: Stored XSS affecting Wake on LAN settings and associated Dashboard widget.
How to Install and Use the System Patches Package
To apply the latest security fixes, follow these steps to install and utilize the System Patches package:
Install the System Patches Package
- Navigate to System > Package Manager > Available Packages.
- Find and install the package named System Patches.

Apply Recommended Fixes
- After installation, go to System > Patches.

- Click the ‘View’ button beside Recommended Patches to display a list of available fixes for your current system version.
- Select the relevant patches and click ‘Apply’ to install them.

These patches address important security issues and applying them ensures your system remains protected. For a step-by-step walkthrough with screenshots, refer to our detailed guide on using the System Patches package.
Users running pfSense Plus on Netgate Appliances
Netgate-branded appliances include TAC Lite support and are eligible to receive this and all future software patches at no additional cost for the lifetime of the device.
Applying patches to pfSense Plus is typically done through the user interface. Before making any significant changes, such as installing patches, it is strongly recommended to back up your pfSense Plus configuration to preserve data integrity and ensure recovery options are available if needed. Detailed backup and recovery guidelines are available in the pfSense documentation: Backup and Recovery.
Users running pfSense Plus on their own hardware
Installing security patches on your own hardware follows the same procedure as on Netgate appliances, provided you have a valid subscription. If you need to renew your pfSense Plus Software Subscription, please visit our online shop.
Users running pfSense Community Edition (CE)
We recommend upgrading from pfSense CE to pfSense Plus to take full advantage of the enhanced features and benefits of the Plus version. You can easily upgrade your pfSense CE by purchasing an activation token (pfSense+ Software Subscription).
If you need assistance to migrate from pfSense CE to pfSense Plus, talk with our certified pfSense Engineers.
Get in touch
ITG Customers
If you are an ITG customer with an active maintenance package or support contract, you are all covered. We will reach out to you shortly to finalize the details of the upgrade, which we will handle on your behalf.