CVE-2025-69691 in pfSense CEinformación

Resumen

por MITRE • 2026-05-08

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgación

2026-05-08

Moderación

aceptado

Artículo

VDB-346270

CPE

listo

CWE

CWE-284 (confirmado)

CVSS

8.8 (VulDB)

EPSS

0.00032

KEV

Actividades

muy bajo

Sector

Energy, Police, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-69691
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-69691
CVE Details	https://www.cvedetails.com/cve/CVE-2025-69691/

◂ Anterior Visión De Conjunto Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!