CRITICAL🇵🇱 Wersja polska

CVE-2025-69691

CVSS 9.9v3.1pub. 2026-05-08upd. 2026-05-12

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

🤖 AI Analysis
How it works

The XMLRPC API interface in pfSense CE 2.8.0 exposes the pfsense.exec_php method, which allows arbitrary PHP code execution on the server. An attacker authenticated as an administrator can pass a PHP payload through this API call and achieve code execution in the system context. The vendor argues this is intentional behavior — administrators are deliberately granted the ability to execute PHP code.

Impact

An authenticated administrator can obtain full code execution on the server (RCE) with potential takeover of system control, its configuration and network data. Due to the scope (C:H/I:H/A:H, S:C), the impact may extend beyond the pfSense system itself.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Due to the vendor's dispute regarding the nature of the vulnerability, it is recommended to restrict access to the XMLRPC interface exclusively to trusted IP addresses, use strong and unique passwords for administrative accounts, and minimize the number of accounts with administrator privileges.

Who is affected

Netgate pfSense CE 2.8.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Pfsense

    APP
    Pfsense
    2.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-69690CRITICAL9.1PL ✓ten sam produkt

pfSense CE 2.7.2 — RCE przez deserializację PHP w instalatorze modułów

CVE-2023-29974CRITICAL9.8ten sam produkt

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password...

CVE-2023-27100CRITICAL9.8ten sam produkt

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus so...

CVE-2023-29975HIGH7.2ten sam produkt

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without ve...

CVE-2020-19678HIGH7.5ten sam produkt

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a r...