CVE-2025-69690 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 8, 2026
Netgate pfSense CE - Remote Code Execution
Published: May 8, 2026Updated: May 8, 2026PoC AvailableRemote Exploitable
Overview
Netgate pfSense CE 2.7.2 contains a remote code execution caused by using the module installer with a backup file containing a serialized PHP object with post_reboot_commands, letting admin attackers execute arbitrary PHP code.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Admin attackers can execute arbitrary PHP code, potentially leading to full system compromise.
Mitigation
Update to the latest version of pfSense CE.
References
Related Resources
Details
- CVE ID
- CVE-2025-69690
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- remote_code_execution
- Status
- unconfirmed
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H